Re: [webauthn] Support `discoverableCredential` field in the API. (#1565)

You're welcome, Emil (@emlun). I concur that it may be too late to "close this barn door" now; but, whatever can be done to simplify descriptions, would be welcome. 

IMHO, FIDO is at a pivotal point currently. Perhaps it might be prudent to focus on simplifying the adoption of **Resident Credentials** first (given recent announcements by 2 major consumer OS suppliers) so barriers to consumer adoption are eliminated. Unless consumers adopt it rapidly in the next 12 months (which depends on major web-sites/apps implementing the capability **and** promoting FIDO aggressively on their sites), I fear it might sputter.

P.S. What I think would really help is for manufacturers of hardware devices (PCs, tablets, mobile) to bundle a Security Key with each device - much as they bundle a power cord - so OS manufacturers would educate consumers from the moment their new devices are setup, and Account Recovery is also addressed with the bundled Security Key. While this does add a small cost to consumers, I think data breaches related to passwords over the last 15+ years have cost consumers far more than that already.

-- 
GitHub Notification of comment by arshadnoor
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1565#issuecomment-879846123 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 14 July 2021 12:24:11 UTC