Re: [webauthn] username and display name should not be mandatory (rp, challange either) and OS UX should be simplified if not present (#1915)

I did not answer your questions because I think I did them before but again:

If it is optional, not required, others who fear those screenshots you published can set the starting username or note fields in the pass manager. Your reply was an argument against deleting the fields, not against making them optional.

If it is optional, I can decide that I don't give a shit about users who create more than one account.
It is not normal and I do not support multiple accounts and I do not use usernames or personal identifiers!

For such websites, if a user creates multiple accounts, which he/she can, then it is of course his/her responsibility to manage in his/her pass manager labels... in my service, in a usernameless account, there are no such labels because it makes no sense to have more than one account.

Your thinking is very tied to the fact that everybody uses burner accounts and multiple accounts, but it does not make it normal.
Do you have more accounts at your bank?
Do you have more real digital identity accounts in your country?

And no, I do not want to prohibit it, I cannot prohibit it, but it is not my responsibility if a user creates 2 usernameless accounts in a web domain and doesn't have any idea which is which.

Hint: enter both accounts, know why you created them and why you need them and how you want to distinguish them (you are on pro level in one account and the opponents are too strong and you want to create a new one where you seem to be an amateur and enjoy being super dominant, then call them pro and amateur in your pass manager, or call them 1 and 2, I don't care).

And I suggested for example
- until only one account, which should be the normal case, keep it simple, no labels, use your passkey UX etc.
- if multiple accounts and no help from the website (blanks now or in a well designed API not using optional fields) then the pass manager could label them 1,2 or creation time and the user can name them as he wishes

Another example: a usernameless account with the option(!) of email recovery could let the user manage the labels, which could be the email addresses (if the user has no idea, enter account with label 1, check email, then replace label in the pass manager with the email address).

A nicer website could suggest the email address as label. But actually, I would not do this because it usually makes no sense to have real users create multiple accounts.

The users are not babies. Websites should not micromanage things that they actually have no power or responsibility over.




-- 
GitHub Notification of comment by r-jo
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1915#issuecomment-1684165073 using your GitHub account


Received on Friday, 18 August 2023 16:35:47 UTC