- From: Matthew Miller via GitHub <sysbot+gh@w3.org>
- Date: Mon, 24 Jan 2022 16:03:15 +0000
- To: public-webauthn@w3.org
> Also, you are making assumptions that only the primary account credential grants access to "synced" credentials. We know for a fact that this is not the case for the platform provider that currently has beta code available. A single tech preview of passkeys to date by a platform vendor that historically plays things close to the chest has made it difficult to draw any strong conclusions about how other platform vendors will implement passkeys. If Google and Microsoft follow suit with a secondary credential like iCloud Keychain passcode then I take your point that just phishing the primary account credentials would be insufficient. I look forward to the day we can all practically see passkeys for ourselves across all major vendors to give everyone more confidence that passkeys are indeed a good direction for WebAuthn. -- GitHub Notification of comment by MasterKale Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1691#issuecomment-1020258186 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 24 January 2022 16:03:16 UTC