Re: [webauthn] Feature Request: disableAutoSelect for PublicKeyCredentialRequestOptions (#2335) from jychab via GitHub on 2025-09-29 (public-webauthn@w3.org from September 2025)

From: jychab via GitHub <noreply@w3.org>
Date: Mon, 29 Sep 2025 14:29:28 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-3347316101-1759156166-noreply@w3.org>

When a platform authenticator is present, alternative options can be hidden behind extra steps, reducing the visibility of roaming keys or cross-device passkeys. While clients have context about the local device, they don’t know the user’s intent to use an external authenticator, so auto-selection can favor the platform key.

RPs, in contrast, have insight into their users and the types of authenticators they register. This allows them to optimize the experience—for example, by not prioritizing platform keys if most of their users rely on security keys.

-- 
GitHub Notification of comment by jychab
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2335#issuecomment-3347316101 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 29 September 2025 14:29:29 UTC