- From: Chad Killingsworth via GitHub <sysbot+gh@w3.org>
- Date: Fri, 09 Sep 2022 11:00:41 +0000
- To: public-webauthn@w3.org
> 2. In the US banking industry, it's common for the username entry to be a form on the marketing web site as step 1 which submits to the online banking service provider (my company). The password entry as step 2 is the first place where I have direct control to add the webauthn flows. It will take years to get all of the marketing sites converted into an iframe embed that supports webauthn. > > I'd love to understand number two better. Can you point me to a few live examples, either here or offline/DM? @timcappalli I can discuss this publicly and it will make a good real world use case. The following sites are all demo sites and do not represent real financial institutions. The do however demonstrate an extremely common pattern. I can send you many many real world examples privately if needed. For reference, my company is one of the 3 major financial service providers in the US providing banking service software to US financial institutions. This same scenario is common to the other 2 major providers as well. **Marketing Site** https://www.garden-fi.com/ - this is the "homepage" for the bank. See the "Sign In" link in the top right. You can try out any made up username to see how the flow works. Most banks want users to visit that homepage to get access to online banking as it allows them opportunities to communicate to the customer. They are allowed to submit the username, but not the password. This is is frequently maintained by a different party than the online banking platform. <img width="504" alt="Screenshot 2022-09-09 at 5 56 17 AM" src="https://user-images.githubusercontent.com/1247639/189335169-7b2f17f8-f4ee-45f2-af24-c36859d11a9c.png"> **Online Banking** https://digital.garden-fi.com/ - this is a single platform supporting hundreds of financial institutions and millions of customers. Each institution gets a fully branded experience. This is the site authoritative for login credentials. <img width="502" alt="Screenshot 2022-09-09 at 5 56 37 AM" src="https://user-images.githubusercontent.com/1247639/189335201-0577659b-41fd-449d-8dd8-d78e49c95715.png"> You'll notice that on the online banking page that I have direct control of, the username is already determined. In an ideal UX, I would know that the user has a valid credential available and immediately launch the modal flow (this is what our native mobile apps do). Since that is not possible, the Conditional UI autofill (not yet in production) provides a really great experience and accomplishes most of the same goal. -- GitHub Notification of comment by ChadKillingsworth Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1793#issuecomment-1241827752 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 9 September 2022 11:00:42 UTC