Re: [webauthn] How to know if a user has already registered a device? (#1749) from Hudson Gouge via GitHub on 2024-06-23 (public-webauthn@w3.org from June 2024)

From: Hudson Gouge via GitHub <sysbot+gh@w3.org>
Date: Sun, 23 Jun 2024 18:31:35 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2185263649-1719167493-sysbot+gh@w3.org>

My issue here is that the user may create a credential on a computer (e.g. Windows Desktop) and want to use it on mobile (e.g. iPhone). They may not be in the same ecosystem and so may not transfer. In addition, you can't use the first device to sign into the second. So, the only solution is to have a password backup and require the user to sign in with the password then create a credential. 

Passkeys don't seem to be, in their current version, a real password replacement, but instead something to be used in addition.

-- 
GitHub Notification of comment by hg0428
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1749#issuecomment-2185263649 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Sunday, 23 June 2024 18:31:36 UTC