Hacker News new | past | comments | ask | show | jobs | submit login

I was so excited about WebAuthN. Part of my irritation about passkeys is that I want to like them. It's a cool idea and they could in a parallel universe somewhere be really good. I wish the people working on them weren't systematically undermining my trust in the entire concept.



We have tried to offer / show an implementation of Webauthn-based cross-platform PassKey support over at mailpass.io, where you can mix and match your devices as needed to any one account. The only known limitation at the moment is Mac TouchId via Firefox, which is being worked on by FF community (but could take up to 20 years based on some recent bugfix times over there :\ )


> where you can mix and match your devices as needed to any one account.

I appreciate what you're trying to do and I'm happy for more providers to build implementations, but you can't individually solve the ecosystem problem because you're only one provider. You can't force Apple, 1Password, Google, and Microsoft to all allow import and export from your app. You can't force Amazon not to do attestation or to accept multiple keys, even if you do everything right you don't have the power to force them to go along with you.

This is a problem that has to be solved by the FIDO Alliance; individual providers can't solve it for them. The Alliance itself has to take some responsibility for the direction of the spec they're pushing and for the direction the industry is going. Ecosystem portability is not going to be solved until interoperability is as a mandated condition for certification.


Totally agree FIDO need to sort this out. Until then, we developers can at least try to show a way forwards where Apple / Google do not own all of your PassKey access


Let's hope it'll be much sooner than that: They're apparently aiming for November – this year!

https://connect.mozilla.org/t5/ideas/support-webauthn-passke...


Just signed up and tested it - nice implementation! What was the hardest part during the integration (other than FF on macOS not supporting it)?


Appreciated! Shout out to MasterKale (https://github.com/MasterKale/SimpleWebAuthn) for a comprehensive Typescript wrapper for the spec. The challenge was more around UX and thinking about "if we do not use a password at all, how does this work"


As an add-on, the only real technical bit that needed some trial and error was how it interfaced with MongoDB's node driver, which I discussed here: https://github.com/MasterKale/SimpleWebAuthn/discussions/375




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: