by toomuchtodo
1082 days ago
If I get locked out, I expect the ability to reset my passkeys (stored in iCloud primarily) with an email, just like I would with a password reset. Passkeys are cryptographic primitives replacing password strings, not replacing identity. There is a difference.

The Home Depot mobile app does something similar already. Passkeys/biometrics for persisting an iOS session, and to re-up a session, you get emailed a six-digit code to your email. Why have the password?

If email as identity is insufficient for your use case, ask the user for a government credential using Stripe Identity or ID.me, or doing a token amount charge on a financial account the user has access to (offloading the identity proofing to their bank) to bring their account back up to a higher assurance level (“IAL”) during an access reset.

I recommend recovery contacts if you’re in the Apple ecosystem. Tangentially, set up legacy contacts as well.

https://support.apple.com/en-us/HT212513

https://support.apple.com/en-us/HT212515

https://support.apple.com/en-us/HT212360

(customer and corp IAM is a component of my work at a FinTech)