Re: [webauthn] Should an RP be able to provide finer grained authenticator filtering in attestation options? (#1688)

> And we want the opposite, because all of those synced devices do not meet compliance standards for a number of high security environments, only security-keys do. But we have no way to filter pre-registration so users can incorrectly enroll a key that we are about to reject during attestation.

The second part is exactly what we are trying to avoid as well.

> If you are worried about people losing devices, encourage them to enroll multiple keys, and ensure you have workflows to facilitate multiple authenticator enrollments. Do not simply rely on "passkeys are synced" and then limit a user to one credential.

We have support for multiple and do encourage them to add multiple, but we also understand that many users will not set up multiple.

-- 
GitHub Notification of comment by jameshartig
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1688#issuecomment-1918067420 using your GitHub account



Received on Tuesday, 30 January 2024 23:09:42 UTC