|
|
|
|
|
|
by peter_l_downs
924 days ago
|
|
|
I’m a fan of passkeys and bullish on continued UX improvements but completely agree with you. Even basic things like “when I’m on a website, show all my passkeys for it and where they’re stored (browser, 1password, macos keychain)” or “when I’m adding a passkey for a site, properly choose where it’s stored and know what other devices it will be synced to or accessible from” are hard or impossible or confusing. Improvements needed. If I were maintaining an auth system right now, I’d make sure webauthn was supported as both a login and 2fa method, make sure i didnt require hardware-scoped keys, and leave them off by default. Advanced users can opt in and support themselves. 2fa defaults to the standard qr code. Logging in allows “send me a magic link” but defaults to email and password. No usernames. I feel like thats reasonable? |
|
|