[Webkit-unassigned] [Bug 213610] New: [WebAuthn] Support device passcode as well as biometrics

Thu Jun 25 10:33:36 PDT 2020

https://bugs.webkit.org/show_bug.cgi?id=213610

            Bug ID: 213610
           Summary: [WebAuthn] Support device passcode as well as
                    biometrics
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: cbrand at google.com

>From the demo, it looks like WebAuthn "platform" support is restricted to biometrics. This is challenging from an accessibility standpoint as well as just in-general for user experience. Is it possible to add the ability to unlock keys using "anything the device can be unlocked with" here? This seems to be in-line with how WebAuthn platform authenticators are implemented elsewhere (Windows Hello, Android, etc). There doesn't seem to be a security benefit to doing it the way it's currently being done, unless all platform keys are blown away on biometric profile change, which I think will be unfortunate.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200625/cd404fc2/attachment.htm>