- From: Kostas Pyliouras via GitHub <sysbot+gh@w3.org>
- Date: Thu, 16 Jan 2025 13:45:22 +0000
- To: public-webauthn@w3.org
In B2B, workspace, and smaller deployments, this functionality can be helpful. For larger consumer deployments with a lot of existing accounts (1 million+), removing the familiar username field (email/phone) and only showing a sign-in button at first would be confusing for users. This is also why many large-scale websites haven’t elevated a “Use Passkey” button yet to the same level as the username field. Instead, they attempt to start a passkey ceremony automatically after the username is entered, even if it comes with complications like user enumeration and false positives (e.g., QR codes). In those cases, conditional mediation still works well because the user has not yet entered their username, but with this approach it would not work due to the AllowList limitation. -- GitHub Notification of comment by kopy Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2228#issuecomment-2595735055 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 16 January 2025 13:45:23 UTC