Extend 2FA with WebAuthn support #698
Comments
|
Would this extend to a completely passwordless login with passkeys as well? |
In general, why not! But: #316 (comment) has a concern about this, namely the complexity of having to deal with attestation / PKI stuff. I'm not too familiar with that stuff (yet). If you know more, can you share what you think about this? |
|
I would generally say that the quality of the authenticators people use for their own accounts is more or less their own business and that there’s therefore no need to pull attestation into the mix just to implement WebAuthn fully. It’s no different from choosing to leave your API keys unprotected. Attestation is usually used by e.g. corporate environments or banks or whatever that want to enforce strict policies around what’s used for authentication. |
#316 (comment)
The text was updated successfully, but these errors were encountered: