Project

General

Profile

Feature Request #2224

Implement WebAuthn

Added by temporaryuser 24 days ago. Updated 24 days ago.

Status:
open
Priority:
bug
Assignee:
-
% Done:

0%


Description

Implement WebAuthn for passwordless login/registration.

History

#1

Updated by freemor 24 days ago

What advantages would this provide over the current methods that make it worth the increased complexity of the server?
Considering https://en.wikipedia.org/wiki/WebAuthn#Criticism Wouldn't waiting for this standard to mature be more prudent?

#2

Updated by temporaryuser 24 days ago

Is it still in development?

#3

Updated by freemor 24 days ago

We are thinking in different frameworks. :)

When I speak of the standard maturing I'm referring to it being out in the wild and pounded on for many years. Those Concerns I pointed to could well turn into exploitable problems in the wild.

One must always remember that, "Security is proven, not claimed". Saying xx is secure does not make it so.. Having it be pounded on for years, fixed when it breaks (or abandoned as a bad idea), and then pounded on again until it has stood up unbroken for years is how you know if something is secure. Anything else is marketing.

Also available in: Atom PDF