W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2022

Re: [webauthn] Clarify how a user can authenticate from multiple devices (#151)

From: Firstyear via GitHub <sysbot+gh@w3.org>
Date: Mon, 27 Jun 2022 22:13:27 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1167970549-1656368005-sysbot+gh@w3.org>
> Passkeys fall under the relax of point 3 that @emlun mentioned as they will be synced via iCloud, right? Not sure if this scenario is covered: if I compromise someone's iCloud account and sign in on a new iOS device, wouldn't my faceID unlock passkeys?

Yes, that is exactly correct. Compromise of the iCloud account, now compromises all passkeys associated to the account. 

-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/151#issuecomment-1167970549 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 27 June 2022 22:13:29 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:46 UTC