by Animesh - Jan 23, 2024
Passkeys are good - more secure, arguably better UX (only reason I feel it is arguable is that it is still new, and uncommon for users to use it)
Here I am logging some questions and notes as I research the possibility of doing passkey based authentication on CoF.
Probably not. We are about to launch a web based version. And browser support is not there on some browsers. Linux based desktops / laptops also might not have native support. So a fallback will be needed. Also, passkeys are not yet popular, so less tech savvy users might not be comfortable with it.
Windows has "Hello", which can do biometric / face ID / PIN based authentication. Current convention seems to be to let users register via a more traditional mechanism, and then let them add passkeys as an additional authentication mechanism.
1password's response is interesting - they are only assuming the scenario where a user has 1password (or some other password manager with passkey support) on all their devices. Also, this makes me further confused about how the UX is in choosing where to store the passkey.
Here's a scenario where on the same device (my mac), things become confusing. I was playing around with this nice demo site - https://www.passkeys.io/:
Some useful introductory content on passkeys:
I am considering the following relatively modern ones:
Keycloak seems to be the most popular one, but not considering it as it is quite heavy to run (JVM based) and perhaps quite complex for our simple needs