We had originally planned to go all-in on passkeys for ONCE/Campfire, and we built the early authentication system entirely around that. It was not a simple setup! Handling passkeys properly is surprisingly complicated on the backend, but we got it done. Unfortunately, the user experience kinda sucked, so we ended up ripping it all out...
  • stravanasuEnglish
    26 months ago

    The current security philosophy almost seems to be: “In order to make it secure, make it difficult to use”. This is why I propose to go a step further: “In order to make it secure, just don’t make it”. The safest account is the one that doesn’t exist or that can’t be accessed by anyone, including its owner.