W3C home > Mailing lists > Public > public-webauthn@w3.org > July 2021

Re: [webauthn] Support `discoverableCredential` field in the API. (#1565)

From: Arshad Noor via GitHub <sysbot+gh@w3.org>
Date: Wed, 14 Jul 2021 12:24:09 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-879846123-1626265447-sysbot+gh@w3.org>
You're welcome, Emil (@emlun). I concur that it may be too late to "close this barn door" now; but, whatever can be done to simplify descriptions, would be welcome. 

IMHO, FIDO is at a pivotal point currently. Perhaps it might be prudent to focus on simplifying the adoption of **Resident Credentials** first (given recent announcements by 2 major consumer OS suppliers) so barriers to consumer adoption are eliminated. Unless consumers adopt it rapidly in the next 12 months (which depends on major web-sites/apps implementing the capability **and** promoting FIDO aggressively on their sites), I fear it might sputter.

P.S. What I think would really help is for manufacturers of hardware devices (PCs, tablets, mobile) to bundle a Security Key with each device - much as they bundle a power cord - so OS manufacturers would educate consumers from the moment their new devices are setup, and Account Recovery is also addressed with the bundled Security Key. While this does add a small cost to consumers, I think data breaches related to passwords over the last 15+ years have cost consumers far more than that already.

-- 
GitHub Notification of comment by arshadnoor
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1565#issuecomment-879846123 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 14 July 2021 12:24:11 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:44 UTC