[omerc]

that's the beauty of webauthn! this login process tied your device to the email address you provided, on passkeys.guru - no access/permission was granted to the website!

the only thing shared with passkeys.guru is the pubic key of your device (which was generated specifically for passkeys.guru and cannot be used to identify you or your device on other websites)

no biometrics or any other PII was shared with passkeys.guru in the process.

technically, you can use any identifier you want with passkeys, even just a dummy username - we chose to use email as it allows pairing with other authentication methods (oauth, magiclink, etc.) that are email based

[tomgs]

Reading about it a little bit now + referencing the article - that looks like a normal web standard, not something a proprietary player should have any business dealing with. If the major browsers will already support this, why do I need a third-party plater?

Just use the latest & greatest open-source library, no?

[omerc]

You can definitely implement (and maintain) authentication yourself, or consider a managed service so you can focus on your own app that

AKA: We do Auth, you do you.