-
Notifications
You must be signed in to change notification settings - Fork 180
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
way to return a platform specific Name for the thing that gets registered. #1304
Comments
Idea: "Using this device to verify its you". But on Windows the preferred language is Windows Hello. |
on 2020-01-29 call: need platform folks' thoughts on this one. |
on 2020-02-19 call, @akshay reports that he's heard from RPs about this recently (they are having this issue...) some folks concerned that anything returned might be used by RPs to discriminate unnecessarily between authnrs. |
I see two problems with this:
I would strongly encourage the FIDO Alliance and W3C to work on creating educational material to "lift users up" by giving them the knowledge they need to they know what to do with their brand/type of Authenticator when prompted to use their FIDO Authenticator, rather than to "dumb them down" further. In the long-term, educating users will be a win-win situation for everybody concerned. (In case you're wondering what is the harm in shielding them from information they ought not to/might not care about, you only have to read the current headlines in newspapers to see the consequences of that strategy). |
2020-02-26 meeting: the room agrees that given the several opinions expressed above for not doing this, we will close this. |
Today, when RPs ask the user to register a FIDO authenticator, it is difficult to learn what to ask the user for (Fingerprint, Security Key, FIDO Authenticator, ...).
Ideally they would ask "Do you want to register a FIDO Authenticator?" - but not all users might understand that.
On the other hand some platforms are pushing for their specific names (Windows Hello, TouchID, FaceID). But while guessing whether Windows is the underlying platform might be possible, distinguishing TouchID from FaceID is not that straight forward through JavaScript.
And most users might still primarily of the modality, e.g. "Do you want to use your fingerprint to authenticate?". But the leading modality is not easy to guess through JavaScript.
Note: Asking for "Do you want to register your Security Key?" is highly confusing when platform authenticators are being used.
Any thoughts?
The text was updated successfully, but these errors were encountered: