Re: [webauthn] Bio-Metric Authentication done by Another finger print (#1444)

If I'm understanding your question correctly, you are registering a credential using a fingerprint but finding that someone else, whose fingerprint is not enrolled, can also pass the fingerprint check?

If so, can you say what authenticator you're using? I.e. is it a physical token plugged into a USB,  Touch ID on macOS, or something else?

Secondly, are you requesting [user verification]( when registering and asserting the credential? (I.e. with [this]( parameter during registration and [this]( one during assertion.)

If you're doing everything right, it's still possible that the fingerprint sensor on the authenticator is just bad and is producing a false positive result for the wrong fingerprint.

GitHub Notification of comment by agl
Please view or discuss this issue at using your GitHub account

Received on Saturday, 20 June 2020 18:07:03 UTC