Re: [webauthn] Clarify how a user can authenticate from multiple devices (#151) from Emil Lundberg via GitHub on 2021-08-26 (public-webauthn@w3.org from August 2021)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Thu, 26 Aug 2021 09:34:44 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-906249285-1629970482-sysbot+gh@w3.org>

@knightcode Correct, but remember that techniques like browser fingerprinting can likely narrow the searchable space down to a manageable size. Then the website could use the silent probe to exactly identify the user without the user's consent. This does presuppose that the user has at some point authorized a credential creation for that site, but it's far easier to confuse a user into doing that once than into doing it every time you want to identify them.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/151#issuecomment-906249285 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 26 August 2021 09:34:46 UTC