Re: [webauthn] Clarify how a user can authenticate from multiple devices (#151)

> Passkeys fall under the relax of point 3 that @emlun mentioned as they will be synced via iCloud, right? Not sure if this scenario is covered: if I compromise someone's iCloud account and sign in on a new iOS device, wouldn't my faceID unlock passkeys?

Yes, that is exactly correct. Compromise of the iCloud account, now compromises all passkeys associated to the account. 

GitHub Notification of comment by Firstyear
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Monday, 27 June 2022 22:13:29 UTC