[morpheuskafka]

This article is from April 2020, over three years ago.

Since then, both Apple and Google have implemented WebAuthn for passwordless account signin. Best Buy does too.

edit: eBay does too, I remembered right according to the list posted below. Some notable ones are DocuSign, PayPal, Shopify, Adobe, and CVS.

[candiddevmike]

Still sucks to add it to your app. You pretty much have to use a library or you'll be maintaining all of the device level quirks yourself. OIDC has the same problem where the standard was too loosey goosey and didn't provide a true standard interface, leading to some special handlings for providers.

IMO, folks who write standards need to write them with the best interests of the developers who will be integrating it, not the service providers.

[AmericanChopper]

Nice idea but I’m not sure it would matter. Nobody implements standards, even when they’re properly defined.

[lll-o-lll]

They do when there is a certification process. That’s the key to a well defined standard, a certification. The test suite is the real standard.

[AmericanChopper]

My personal experience with certified implementations is that they still tend to be not especially standardised. A test suite is just as susceptible to subversion as a written standard is. If that wasn’t true then unit tests is all we’d ever need to merge a PR.

[RussianCow]

Businesses still need their stuff to work on Chrome whether or not it's certified, so this is kind of a moot point.

[stavros]

Hm, PayPal allows passwordless? I can't seem to find the option.

[5e92cb50239222b]

They didn't really. I don't consider this:

> Passkeys can only be created on locked mobile devices from Chrome (Android or Apple devices) and Safari (Apple devices only) browsers.

to be a proper implementation.

https://www.paypal.com/us/cshelp/article/what-are-paypal-pas...

[stavros]

Oh wow, way to close an open standard.

[thedougd]

Home Depot as well.

[ajkjk]

... Best Buy?

[toomuchtodo]

One of the first!

https://old.reddit.com/r/apple/comments/xk6hiq/bestbuycom_am...

Tracking: https://passkeys.directory/

[morpheuskafka]

Yep, very prominently featured too. Annoying, I had to close a modal Sign in with Google popup first, which shouldn't exist since there is already a button for that. (Also, thanks for reminding me my rewards there are about to expire since they change the program to require a credit card.)

https://imgur.com/mVfFdtc https://imgur.com/ZXwB2QH

[drdaeman]

Ah, yes, a well-known example on how to not do it.

They don't support non-biometric authenticators, so one can't use e.g. Yubikey.

[mooreds]

If you are looking for a list of sites that support webauthn, this is a decent one: https://passkeys.directory/ (sponsored by 1password).

Edit: oops, sibling comment mentioned this too.