Re: [webauthn] Recovering from Device Loss (#931)

Just to add my grain of salt. I think there are plenty of ways to recover accounts upon device loss.

I don't think there is a need to embed some "backup" functionality as part of the protocol. I would even be worried if the private key were shared in any way, even if it's called a backup. It would be like sharing an unencrypted password. One strong security aspect of webauthn is the certainty that this private key is a secret tied to the authenticator device and that there is no way to "extract it". I hope it stays that way. 😉

GitHub Notification of comment by dagnelies

Received on Tuesday, 5 April 2022 09:37:50 UTC