W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2022

Re: [webauthn] Clarify how a user can authenticate from multiple devices (#151)

From: Firstyear via GitHub <sysbot+gh@w3.org>
Date: Mon, 27 Jun 2022 22:13:27 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1167970549-1656368005-sysbot+gh@w3.org>
> Passkeys fall under the relax of point 3 that @emlun mentioned as they will be synced via iCloud, right? Not sure if this scenario is covered: if I compromise someone's iCloud account and sign in on a new iOS device, wouldn't my faceID unlock passkeys?

Yes, that is exactly correct. Compromise of the iCloud account, now compromises all passkeys associated to the account. 

GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/151#issuecomment-1167970549 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 27 June 2022 22:13:29 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:46 UTC