W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2022

Re: [webauthn] How to know if a user has already registered a device? (#1749)

From: Arnaud Dagnelies via GitHub <sysbot+gh@w3.org>
Date: Sat, 25 Jun 2022 20:44:35 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1166358703-1656189873-sysbot+gh@w3.org>
I'm really curious how people work around this problem, because I still haven't found a solution.

Using a fictive dialog like this is a disaster:

<img width="296" alt="image" src="https://user-images.githubusercontent.com/5452653/175789544-87f9b0d5-a17a-4fe2-a08f-b3e72c4618a1.png">

In this example, the "Register" would be the equivalent of a `credentials.create` and "Sign In" of `credentials.get`.

If the user "registered" on its windows laptop, and then opens the page with its android phone, clicking "Sign In" would be the most intuitive choice for almost every user. Even if you rename it more accurately "Register device", many users would find it disturbing. Moreover, clicking on "Sign In" would not fail, it would prompt for external security keys since a local one is not present which would confuse the user even more.

So, how do others tackle this?

GitHub Notification of comment by dagnelies
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1749#issuecomment-1166358703 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 25 June 2022 20:44:36 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:46 UTC