- From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
- Date: Thu, 14 Nov 2024 02:07:31 +0000
- To: public-webauthn@w3.org
> Experience with HSTS preloading indicates that given the scale of the web, sharp APIs must have some way to undo damage from improper use. Many tears have been shed for a misplaced API call. Someone (probably, lots of people) may hold the API wrong and clear user passkeys. Understood. If it is the case, I recommend that the authenticator would notify the user that the recovered credential may not work when the user tries to restore the hidden credentials from the authenticator. What do you think so? We could add some notes around how authenticator may communicate with users when restoring the credential. -- GitHub Notification of comment by Kieun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2192#issuecomment-2475213689 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 14 November 2024 02:07:32 UTC