by jackson1442
781 days ago

> It's up to the server whether it uses it in challenge-response or not. That's application-specific behaviour that's past the definition of passkeys themselves.

Do you have a source for this? After reading the W3 spec[0] this seems entirely antithetical to the Passkey model and additionally raises concerns about the integrity of hardware MFA devices.

[0]: https://w3c.github.io/webauthn/