Firstyear’s blog-a-log

May 13, 2024

This is just the icing on a long trail of enshittification that has undermined Webauthn. I’m over it at this point, and I think it’s time to pour one out for Passkeys. The irony is not lost on me that I’m about to release a new major version of webauthn-rs today as I write this.

Source: Firstyear’s blog-a-log

We’ve covered WebAuthn and passkeys here a few times and had like many hoped they were the next iteration of a much safer more user friendly web security–turns out maybe not so much according to William Brown, who is pretty well credentialed in this department as the author of Webauthn-rs

Webauthn is a modern approach to hardware based authentication, consisting of a user with an authenticator device, a browser or client that interacts with the device, and a server that is able to generate challenges and verify the authenticator’s validity.