Hacker News
by Hamuko 1505 days ago
It's SHOULD as per RFC2119, so basically you need to have a good reason with an understanding of the implications to ignore it.

One of the implications here being that you have zero available authenticators if your main authenticator breaks.

https://www.w3.org/TR/webauthn-2/