- From: John Bradley via GitHub <sysbot+gh@w3.org>
- Date: Wed, 03 Jun 2020 18:53:22 +0000
- To: public-webauthn@w3.org
Cloning can work for non resident credentials. For resident/Discoverable ones it gets tricky especially if you want to support more than one credential per RPID on the authenticator. If it is the manufacture that clones them the user needs to buy two new ones and re register at all the sites or they wont have a backup. I personally think consumers should register two keys at Google, Apple , and Microsoft then just use federation. But I understand that is not a popular opinion. Trying to do individual account recovery across hundreds of RP is a nightmare no matter what we do. -- GitHub Notification of comment by ve7jtb Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1425#issuecomment-638393919 using your GitHub account
Received on Wednesday, 3 June 2020 18:53:25 UTC