- From: John Bradley via GitHub <sysbot+gh@w3.org>
- Date: Sun, 23 Feb 2025 16:19:29 +0000
- To: public-webauthn@w3.org
User verification (UV) is when the the authenticator collects a pin or biometric from the user. User Presence is when you press a physical button on a security key or click on a secure dialog. That said software authenticators on platforms are not currently certified Fido authenticators and can be a bit creative. They may ignore UV preferred and not prompt for a biometric if one is not convenient eg the lid of your computer is closed so you can't touch the sensor. They then should return UV=false in the response. A reason you should always check the response and not assume that you are getting back what you asked for. They also may not have the ability to securely collect UP and may do so with a normal dialog. Credentials created with the credprotect extension at L3 would always require UV however not all software authenticators support that extension. -- GitHub Notification of comment by ve7jtb Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2266#issuecomment-2676968579 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Sunday, 23 February 2025 16:19:30 UTC