Tag: WebAuthn

Webauthn's userVerification:preferred and its Pitfalls

Webauthn is a beauty. A relatively easy to implement way to allow users a secure 2-Factor experience. (easy enough that I could re-create my Webauthn Sandbox after losing it in my migration, FUN! Well, sarcasm aside, there are a few things I dont like with it, and one of them is the default state of the userVerification Flag. For anyone who isnt all-aware in Webauthn and stuff: more modern Fido2 devices are generally capable of a feature called userVerification, in ...