Re: [webauthn] Prevent browsers from deleting "server-side credentials" for the RP (#1569) from Lucas Garron via GitHub on 2021-02-09 (public-webauthn@w3.org from February 2021)

From: Lucas Garron via GitHub <sysbot+gh@w3.org>
Date: Tue, 09 Feb 2021 04:15:35 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-775649882-1612844134-sysbot+gh@w3.org>

One not-so-crazy option would be to recommend that RPs with existing security key user handles generate a second user handle to be used for passwordless registrations (and maybe a third for usernameless registrations, if that's not covered by "passwordless"?). However, this seems like a rather annoying responsibility to heap on RPs when it could be fixed at the spec or browser level.

-- 
GitHub Notification of comment by lgarron
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1569#issuecomment-775649882 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 9 February 2021 04:15:37 UTC