PassKey implementation is not compliant with WebAuthn standard

https://www.w3.org/TR/webauthn-2/#sctn-user-handle-privacy

Since the user handle is not considered personally identifying information in § 14.4.2 Privacy of personally identifying information Stored in Authenticators, the Relying Party MUST NOT include personally identifying information, e.g., e-mail addresses or usernames, in the user handle. This includes hash values of personally identifying information, unless the hash function is salted with...
Click to expand...

Read more

Читать далее...