[webauthn] Multiple Authenticator Options and Policies (#1601)

cyberphone has just created a new issue for https://github.com/w3c/webauthn:

== Multiple Authenticator Options and Policies ==
When using Windows Hello with WebAuthn I get multiple options to authorize the login.  FingerPrint, PIN, and Password.

This appears to be platform specific and also having no relation to possible RP policies.

Although biometric authentication is great, there are legitimate use-cases where a password/PIN would be required like for people that are hospitalized and a relative or other proxy carries out their on-line banking activities.

For this to work satisfactory there should be an RP option forcing the user to create a password/PIN that also must conform to an RP policy ("1234" may not be satisfactory).

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1601 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 22 April 2021 06:46:58 UTC