Are there best practice process diagrams to support the correct usage of these with B2C services?
How should the initial verification happen?
What happens when I lose/corrupt/break the device?
Should this represent me as a human or the keys to an account? - Should a human hold the permissions ultimately (if so, how do I override a key?)
I always wonder, are there banks using U2F/FIDO(2)/WebAuthn or whatever it's called now? I'm reasonably certain not in Germany, but is there one in another country?