- From: Emil Lundberg via GitHub <noreply@w3.org>
- Date: Mon, 29 Sep 2025 15:09:38 +0000
- To: public-webauthn@w3.org
> While clients have context about the local device, they don’t know the user’s intent to use an external authenticator Sometimes they do. For example, client implementations have recently been shifting their behaviour towards defaulting to the security key if one is already plugged in, or switching over to that interaction case as soon as the user plugs one in, since those are both very strong signals that the user intends to use the security key. Granted, the user has to know to do that, but they probably do if they have a security key and intend to use it. And if not, the user training needed is minimal. Much like #2310, I don't think it seems appropriate for the RP to micro-manage the client UX like this. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2335#issuecomment-3347547432 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 29 September 2025 15:09:39 UTC