-
…in reply to @troyhunt
troyhunt @minimike86 But in the case of Webauthn, on-device biometrics having a fallback is very different than the sites themselves still having passwords. Webauthn handles the key exchange after whatever the local authn is: bio, password, or otherwise. blog.eldrid.ge/2018/11/05/in-defense-of-webauthn/