- From: Lucas Garron via GitHub <sysbot+gh@w3.org>
- Date: Thu, 03 Apr 2025 03:12:39 +0000
- To: public-webauthn@w3.org
> I don't speak for credential providers but it seems for some reason the native credential APIs don't have high adoption rates so far. And it's affecting me as an end-user I also strongly concur with this. I use 1Password, and for one reason or another they have decided to inject 700kB into every single page load to implement their UI. In addition, they have implemented this in a way (at least in Chrome) that intercepts every single WebAuthn call unless I manually opt out in every every single user profile on each Chrome installation that I use. While in theory it's possible to say "if you don't like that, don't use 1Password", there are a lot of considerations for what password manager to use. "The one I'm using makes me very uncomfortable" is still preferable to "other choices have dealbreakers". There are also non-trivial risks to switching. The WebAuthn spec has generally struck a great balance incentivizing both browsers and sites to implement good UX. This is a great success. But as it stands, password managers interject themselves and break this balance. Considering this issue out of scope leaves the UX broken for many users in practice. -- GitHub Notification of comment by lgarron Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1976#issuecomment-2774334842 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 3 April 2025 03:12:40 UTC