- From: Lucas Garron via GitHub <sysbot+gh@w3.org>
- Date: Sat, 20 Feb 2021 00:32:22 +0000
- To: public-webauthn@w3.org
> if there is no intent to implement FIDO for its raison d'etre, why bother implementing it at all? I’m not sure I follow. We’re implemented “trusted devices” as described in the spec (see my link above). The trusted device concept works regardless of whether a user has additional 2FA options, and we want to offer something that is both safer and more convenient than what the vast majority of users are currently using. Industry-wide adoption numbers for 2FA are low, and I think that gating trusted device functionality behind the complexity of normal 2FA is counter to the goals and the spirit of the spec. (That said, I think it would be great to get to the point where WebAuthn can be used so commonly that we can raise the bar for non-WebAuthn login as well.) -- GitHub Notification of comment by lgarron Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1566#issuecomment-782478896 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 20 February 2021 00:32:23 UTC