by Lacerda69 1128 days ago
For anything serious, password + WebAuthn MFA with Ory Kratos. It lets me choose any method really, can be self-hosted or used as SaaS.

IMO it's almost always good to offer some OIDC social login, just depends what provider your users use.

- https://github.com/ory/kratos

1 comments

This may be a dumb question, but why couldn’t applications just use WebAuthn? Why add passwords?
The only reason is probably if some accounts already have a password and you want to support it. If you're building a new app, I'd also go for WebAuthn / passkeys-only and use some other passwordless method (e.g. social login/OIDC or email magic links as fallbacks).
Ok understood, thank you very much!