On Sun, Sep 4, 2022 at 1:53 AM Richard Shaw <hobbes1069(a)gmail.com> wrote:
> Is it that big of a deal to require some sort of practical
> affirmation on an annual basis? It could be completely automated.
> Am I way off base here?

I don't think so, with some extensions. I
still assert that PPs that do not have and
use a "PassKey" (Apple's rebranding of
FIDO2 multifactor (Apple is great about
branding)) should regularly (once a year?)
need to reaffirm "I'm not dead (yet)",
while those with an enrolled PassKey
should be able to only revalidate when
they hit one/more of the other criteria,
as their account is highly protected
against abuse.