Passkeys are incompatible with open-source software
Passkeys are incompatible with open-source software (was: “Passkey marketing is lying to you”) TechAndrew Saturday, 4 January 2025 Update: After reading more of the spec authors’ comments on open-source Passkey implementations, I cannot support this tech. In addition to what I covered at the bottom of this blog post, I found more instances where the spec authors have expressed positions that are incompatible with open-source software and user freedom: When required, the authenticator must perform user verification (PIN, biometric, or some other unlock mechanism). If this is not possible, the authenticator should not handle the request. This implementation is not spec compliant and has the potential to be blocked by relying parties. Then you should require its use when…
