- From: James Hartig via GitHub <sysbot+gh@w3.org>
- Date: Tue, 30 Jan 2024 15:31:59 +0000
- To: public-webauthn@w3.org
We would like to discourage the use of single-device authenticators because of their risk of being lost/destroyed/etc and encourage the use of iCloud, Google, 1Password, etc authenticators since they will sync across devices. We're finding the `hints` field to be confusing in this respect. * 1Password seems to ignore `hints` completely. * On Windows+Chrome `client-device` means Windows Hello and removes all other options. * On Windows+Chrome `hybrid` means mobile phone or security key (and no Google account option). * On Windows+Firefox `client-device` means Windows Hello and removes all other options. * On Windows+Firefox `hybrid` means mobile phone or security key. * On MacOS+Chrome `client-device` means Google account passkey with the option to use iCloud. * On MacOS+Safari `client-device` means iCloud. * On iOS `client-device` means iCloud. * On Android+Chrome `client-device` means Google account. So we need to do UA sniffing to understand if its Windows or not and send a different hint if its Windows. Does that seem correct? Could there be a new hint added that would convey a preference for "synced" passkeys? -- GitHub Notification of comment by jameshartig Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1688#issuecomment-1917230414 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 30 January 2024 15:32:02 UTC