From how I understood the new APIs in the video, it sounds to me like the Face/Touch ID authentication can only be used on services that implement an automatic sign-out for the user to enhance security.
But I didn't quite get if this new API will also be useful for situations where a user actively signs out or has his browser setup to delete all cookies from time to time.
From how I understood it, the user needs to be known to the website already via some cookie when the user visits the website to show the "Sign in with Face/Touch ID" button. If the user was anonymously visiting the website, there would be no way to actually use Face/Touch ID to sign in, is this correct?
So as I understand it, the API doesn't actually provide a secure and convenient way to sign in, instead it merely provides a way to re-sign in.
Please correct me if I'm wrong. A pointer to the API I might have misunderstood would also help clarify this.
But I didn't quite get if this new API will also be useful for situations where a user actively signs out or has his browser setup to delete all cookies from time to time.
From how I understood it, the user needs to be known to the website already via some cookie when the user visits the website to show the "Sign in with Face/Touch ID" button. If the user was anonymously visiting the website, there would be no way to actually use Face/Touch ID to sign in, is this correct?
So as I understand it, the API doesn't actually provide a secure and convenient way to sign in, instead it merely provides a way to re-sign in.
Please correct me if I'm wrong. A pointer to the API I might have misunderstood would also help clarify this.