1. 12

  2. 3

    https://webauthn.io/ is a demonstration app from Duo Security, which explains the W3C webauthn well.

    1. 4

      Is the form on webauthn.io representative of a typical WebAuthn form? I can’t imagine your typical site visitor knowing what attestation is not what to choose for it or the authentication type fields.

      1. 1

        I believe that https://webauthn.io/ is to demonstrate capabilities to developers - to encourage up take of Webauthn rather than as a demonstrator for an application user.

    2. 2

      Umm, but from security perspective, it’s intended as complementary to passwords (i.e. 2nd factor), not as a replacement, no?

      1. 3

        If I understand correctly, it is up to the developer. If the developer wants to ask a password in addition to the WebAuthn thing, it should be doable.