Re: [webauthn] Authenticators that do not recognize any handles shouldn't just be dropped on the floor (#863)

Coming back to this...

>For what it's worth, we have empirical evidence from our rollout of security keys at Google (using the cryptotoken extension) where we got lots of bug reports saying their 'keys didn't work' when in fact they weren't registered. When cryptotoken changed to make them blink, the complaints stopped (rigorous user study, right??).

I suppose Chrome at that time didn't have a popup telling the user that the connected authenticator isn't registered? Would such a dialog eliminate the need for user action on the authenticator?

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/863#issuecomment-472529180 using your GitHub account

Received on Wednesday, 13 March 2019 17:37:52 UTC