[webauthn] Preventing registration on multiple devices (#2241) from Marin Kirkov via GitHub on 2025-01-21 (public-webauthn@w3.org from January 2025)

From: Marin Kirkov via GitHub <sysbot+gh@w3.org>
Date: Tue, 21 Jan 2025 15:26:50 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-2802157008-1737473208-sysbot+gh@w3.org>

mar1n3r0 has just created a new issue for https://github.com/w3c/webauthn:

== Preventing registration on multiple devices ==
## Description

I have read the considerations about avoiding turning webauthn into a super cookie but the whole point of biometrics is to be able to identify a user on many devices. So imagine the following use case. You are developing a wallet for universal basic income. To avoid malicious behavior you want to make sure a user can register only once and can't get new wallets from new devices. Is there a way to achieve that while maintaining the security per device. Is it possible to avoid tracking while covering this use case?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2241 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 21 January 2025 15:26:51 UTC