- From: Arnaud Dagnelies via GitHub <sysbot+gh@w3.org>
- Date: Tue, 05 Apr 2022 09:37:48 +0000
- To: public-webauthn@w3.org
Just to add my grain of salt. I think there are plenty of ways to recover accounts upon device loss. https://dev.to/dagnelies/webauthn-what-if-i-loose-my-device-1lbh I don't think there is a need to embed some "backup" functionality as part of the protocol. I would even be worried if the private key would be shared in any way, even if it's called a backup. It would be like sharing an unencrypted password. One strong security aspect of webauthn is the certainity that this private key is a secret tied to the authenticator device and that there is no way to "extract it". I hope it stays that way. 😉 -- GitHub Notification of comment by dagnelies Please view or discuss this issue at https://github.com/w3c/webauthn/issues/931#issuecomment-1088486246 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 5 April 2022 09:37:50 UTC