mabramux

Results 4 comments of mabramux

Login without PIN possible although PIN set (WebAuthn)

> I think this might be caused by Firefox using FIDO U2F, while Chrome uses FIDO2 by default. Some time ago a behavior was added to the firmware to accept...

Login without PIN possible although PIN set (WebAuthn)

@conorpp > If a PIN is set, then it is only required for registration/makeCredential. It is still optional for authentication/getAssertion. This is in the webauthn spec. Ok, I didn't read...

Login without PIN possible although PIN set (WebAuthn)

After reading the specification, I think I have understood that the UV can be used optionally on the RP side for both authentication **and** registration. I also tried a registration...

Login without PIN possible although PIN set (WebAuthn)

Ok, that all sounds, like there is no fault in the implementation by solokey. But I stand by my opinion. From the user's point of view this is a mistake...