Re: [webauthn] Hybrid transport opt-out and ability for verifiable proof (#2349) from Tim Cappalli via GitHub on 2025-10-24 (public-webauthn@w3.org from October 2025)

From: Tim Cappalli via GitHub <noreply@w3.org>
Date: Fri, 24 Oct 2025 15:45:13 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-3443799883-1761320709-noreply@w3.org>

It's also important to remember that WebAuthn and passkeys are designed to prevent remote phishing attacks. Physical proximity attacks are largely outside the threat model. That said, there is additional work happening to evolve the FIDO Cross-Device Authentication experience.

Also, if the client or client platform is compromised, most other bets are off. There are other ways to mitigate risks in high assurance workforce scenarios. 

-- 
GitHub Notification of comment by timcappalli
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2349#issuecomment-3443799883 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 24 October 2025 15:45:13 UTC