Re: [webauthn] Add Yubico's proposed recovery extension (#1425)

Anouther point on the usage of "clone" Authenticators: That approach introduces some security issues that we've explicitly attempted to eliminate with this proposal.

If you have a single Authenticator, how can you be sure that there isn't a clone of it somewhere that you don't know about? Maybe it originally came as part of a "2-pack", but one Authenticator was re-packaged individually for you (the other held on to by an adversary). Or, since we envision the Backup Authenticator being stored in a "secure location" and not used day-to-day, how can you discover if someone still manages to steal it? We wanted to make it impossible to covertly use a "spare key" to access your accounts.

This is why we A) make it explicit to the user when a backup credential is registered, and B) disable the "lost" credential when recovery is performed.

GitHub Notification of comment by dainnilsson
Please view or discuss this issue at using your GitHub account

Received on Wednesday, 3 June 2020 13:16:40 UTC