Feature Request #2224
Implement WebAuthn for passwordless login/registration.
We are thinking in different frameworks. :)
When I speak of the standard maturing I'm referring to it being out in the wild and pounded on for many years. Those Concerns I pointed to could well turn into exploitable problems in the wild.
One must always remember that, "Security is proven, not claimed". Saying xx is secure does not make it so.. Having it be pounded on for years, fixed when it breaks (or abandoned as a bad idea), and then pounded on again until it has stood up unbroken for years is how you know if something is secure. Anything else is marketing.