Re: [webauthn] Authentication through only what you are (#1728)

> I appreciate all the points about how a compromised PIN/pwd is an issue.
> 
> I used my Mint app again this morning and it still gave me a good feeling having it ask for my fingerprint with no PIN fallback available. Isn't that silly? 😂
> 
> Is there a good use case to allow biometrics only? Android apps can clearly do it and I know there is a lot of momentum out there to enable web apps to do things that have previously been only available to native mobile apps.

There are only negatives, sadly. Biometrics may be fast and convenient, but if something happens (burn your thumb, authorities force you to unlock device, someone passes away and you need to recover account) then you're stuck. The PIN is there as a "fallback" effectively.

-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1728#issuecomment-1119168136 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 6 May 2022 00:47:25 UTC