W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2019

Re: [webauthn] Authenticators that do not recognize any handles shouldn't just be dropped on the floor (#863)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 13 Mar 2019 17:37:50 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-472529180-1552498669-sysbot+gh@w3.org>
Coming back to this...

>For what it's worth, we have empirical evidence from our rollout of security keys at Google (using the cryptotoken extension) where we got lots of bug reports saying their 'keys didn't work' when in fact they weren't registered. When cryptotoken changed to make them blink, the complaints stopped (rigorous user study, right??).

I suppose Chrome at that time didn't have a popup telling the user that the connected authenticator isn't registered? Would such a dialog eliminate the need for user action on the authenticator?

GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/863#issuecomment-472529180 using your GitHub account
Received on Wednesday, 13 March 2019 17:37:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:02 UTC