
Re: [webauthn] Syncing Platform Keys, Recoverability and Security levels (#1640)

From: Firstyear via GitHub <sysbot+gh@w3.org>
Date: Tue, 11 Jan 2022 00:18:02 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1009477718-1641860280-sysbot+gh@w3.org>
The issue here is that this process is wayyyyy too complex for most people to be able to manage. I couldn't imagine trying to communicate this to my brother who is a carpenter and have him successfully able to create this recovery material, let alone using it to retrieve a key.

For example, "just export the recovery credentials" really glosses over a lot of complexity. Where will a user export it to? How will they preserve that? On a USB stick, which is a lossy medium? 

While this whole process is technically very cool, and interesting, I think that it's really overlooking the experience of an everyday user to achieve this reliably. 

Please, when you come up with a process like this, step back and talk it through with non-technical folk and see if they can follow it, because that's your audience here. If I can't communicate this process to my brother, or my neighbours, then it won't work at scale.


GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1640#issuecomment-1009477718 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 11 January 2022 00:18:03 UTC
