how does “Avoid locking users out if WebAuthn is not available” work?
-
would that mean people could just forge a user agent that cannot use webauthn like the Internet explorer and then go ham on the password login despite the Password login having been disabled? or how does this exactly go.
also if password login is disabled maybe instead of the password form, show something to the user that tells them to get a decent browser as password login is turned off.
Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
- The topic ‘how does “Avoid locking users out if WebAuthn is not available” work?’ is closed to new replies.