Project

General

Profile

Feature Request #2224

Implement WebAuthn

temporaryuser - 9 months ago - . Updated 9 months ago.

Status:
open
Priority:
bug
Assignee:
-
% Done:

0%


Description

Implement WebAuthn for passwordless login/registration.

History

#1

Updated by freemor 9 months ago

What advantages would this provide over the current methods that make it worth the increased complexity of the server?
Considering https://en.wikipedia.org/wiki/WebAuthn#Criticism Wouldn't waiting for this standard to mature be more prudent?

#2

Updated by temporaryuser 9 months ago

Is it still in development?

#3

Updated by freemor 9 months ago

We are thinking in different frameworks. :)

When I speak of the standard maturing I'm referring to it being out in the wild and pounded on for many years. Those Concerns I pointed to could well turn into exploitable problems in the wild.

One must always remember that, "Security is proven, not claimed". Saying xx is secure does not make it so.. Having it be pounded on for years, fixed when it breaks (or abandoned as a bad idea), and then pounded on again until it has stood up unbroken for years is how you know if something is secure. Anything else is marketing.

Also available in: Atom PDF