- From: BoppreH via GitHub <sysbot+gh@w3.org>
- Date: Sat, 10 Dec 2022 16:18:36 +0000
- To: public-webauthn@w3.org

@dagnelies Unfortunately all the methods you listed either sacrifice privacy, or require accessing the backup location/device during sign up, which is both dangerous and adds friction.

At minimum, I think a good recovery method (1) should reveal no private information; (2) can be stored somewhere secure like in a safe deposit box or with a trusted friend; and (3) still allows me to create new accounts without opening the safe or asking the friend every time.

This *can* be done, but has to be supported by the protocol. I'd rather disable the recovery method for my extra-sensitive accounts, than have no good recovery method on any account.

--
GitHub Notification of comment by boppreh
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/931#issuecomment-1345298140 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Saturday, 10 December 2022 16:18:37 UTC