|
|
|
|
|
|
by aseipp
1134 days ago
|
|
|
> but the WebAuthn spec (which is what passkeys are based on) doesn't require any contact info to be provided. This isn't an issue with the spec, it's an issue with account creation, account information, and recovery flow on part of the operators of the website. Those operators are already familiar with this dance. They will use information that is required for registration in order to provide account recovery, and yes, this will include an optional, or possibly mandatory, email address/phone number/whatever to do so. Existing registration flows that already work and ask for this information will barely need to change, and most users of Passkeys will be adding them to these already existing flows, so it's practically a non-issue. Or at least no more than it already was. |
|
|