Use AAL2/3 Passkeys in All Other Contexts
tip
This check is currently under development and not yet implemented. Click here to learn how you can help.
Use Case
- Incubating: recommended
- Active: recommended
- Retiring: recommended
Description
All Other Contexts: Use a passkey (AAL2) or hardware key (AAL3) that activates using a password or biometrics
Details
- C-SCRM: true
- Priority Group: R1
- Mitre: CWE-308
- Sources: OpenSSF Great MFA Project Security Rationale