Hello,
Considering that some of us might have enforced the use of the email address as username in Keycloak.
When enabling WebAuthn, are we at risk regarding Username Enumeration (Web Authentication: An API for accessing Public Key Credentials - Level 3)? or is there countermeasures implemented in Keycloak?
Many thanks for your help