Re: [webauthn] Clarify how a user can authenticate from multiple devices (#151) from Marco Martins via GitHub on 2022-06-27 (public-webauthn@w3.org from June 2022)

From: Marco Martins via GitHub <sysbot+gh@w3.org>
Date: Mon, 27 Jun 2022 10:02:05 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1167149064-1656324123-sysbot+gh@w3.org>

> @daniel-nagy you might want to take a look at how WebAuthn will [evolve into passkeys](https://developer.apple.com/videos/play/wwdc2022/10092/) until the end of the year. Especially on Apple and Android devices your use case should be pretty much covered. I suggest you base your regular login on passkeys, and only fall back to text messages on older devices or in case a user loses their passkey device **and** switches the platform, e.g. from iOS to Android.

Passkeys fall under the relax of point 3 that @emlun mentioned as they will be synced via iCloud, right?
Not sure if this scenario is covered: if I compromise someone's iCloud account and sign in on a new iOS device, wouldn't my faceID unlock passkeys?

-- 
GitHub Notification of comment by mamartins
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/151#issuecomment-1167149064 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 27 June 2022 10:02:06 UTC