- From: Mark Fulton via GitHub <sysbot+gh@w3.org>
- Date: Wed, 04 May 2022 12:39:01 +0000
- To: public-webauthn@w3.org
mfulton26 has just created a new issue for https://github.com/w3c/webauthn:

== Authentication through only what you are ==

e.g. The native Mint app on Android is able to authenticate me through my fingerprint and it does not give my PIN as a fallback. I'd like to be able to do the same for a web app where something you know, a PIN, isn't acceptable for this particular flow but requires fingerprint (something you are).

From what I can tell the current UV flag in authenticator data in authentication responses does not distinguish between PIN and biometrics nor does WebAuthn currently support prompting for authentication without a PIN fallback.

Unless I've missed something there's no current way for a web app to require biometrics for authentication.

I'd like to see this ability added so that when my app needs to protect sensitive data I can prompt to verify the user via what they are and have higher confidence it is indeed them. A spouse, child, or other can easily observe and know someone's PIN when they are around them enough so in some cases a PIN simply isn't sufficient/desired for authentication.

Thank you.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1728 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 4 May 2022 12:39:02 UTC
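
Added example, not part of the original message or of the WebAuthn project's code: a relying-party-side parse of the authenticator data header, showing that the UV flag the issue refers to is a single bit with no field for the verification method. The function names and the sample bytes are constructed for illustration.

```javascript
// Added example. Authenticator data header layout per the WebAuthn spec:
// rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian).
const FLAG_UP = 0x01; // bit 0: user present
const FLAG_UV = 0x04; // bit 2: user verified (PIN, biometric, or other)

function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new Error("authenticator data must be at least 37 bytes");
  }
  const flags = bytes[32];
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  return {
    flags,
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    signCount: view.getUint32(33, false),
  };
}

// Relying-party check: reject assertions that lack user verification.
function requireUserVerification(bytes) {
  const parsed = parseAuthenticatorData(bytes);
  if (!parsed.userPresent || !parsed.userVerified) {
    throw new Error("user verification required but UV flag not set");
  }
  return parsed;
}

// Hypothetical helper: builds constructed sample data (zeroed rpIdHash).
function sampleAuthData(flags, signCount) {
  const bytes = new Uint8Array(37);
  bytes[32] = flags;
  new DataView(bytes.buffer).setUint32(33, signCount, false);
  return bytes;
}

// Constructed samples: one ceremony verified by PIN, one by fingerprint.
// Both set UP and UV, so the relying party sees the same flags byte.
function comparePinVsBiometric() {
  const pin = requireUserVerification(sampleAuthData(FLAG_UP | FLAG_UV, 7));
  const bio = requireUserVerification(sampleAuthData(FLAG_UP | FLAG_UV, 8));
  return { pinFlags: pin.flags, bioFlags: bio.flags,
           distinguishable: pin.flags !== bio.flags };
}

console.log(comparePinVsBiometric());
```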