by drdaeman 1106 days ago
There's more. Password recovery means that you're changing your password. Every single password reset flow does what it says on the tin - resets your password. After it's complete, the old password is gone and the account has a new password. This is logical.

For Passkeys, going through the recovery flow may indicate two possible things: 1) that you lost the Passkey and are going through the recovery to replace it with a new one; or 2) that you merely want to log in on a different device where the original Passkey is not available.

This, of course, is going to work in practice - much worse designs have worked, after all. But it's all logically unsound, and not really addressed by standards bodies or large implementers. It's not a big deal and there are ways to make it logical - but because it's not addressed, it's gonna be a mess.