Passwords, usernames, breaches, accounts are a mess to maintain and especially to keep secure and to remember.
I cannot wait for the passwordless authentication future of the web, and I hope it will be adopted widely and soon.
I spend roughly an hour every six months to a year managing my almost 200 accounts saved in my password manager. I cancel accounts I no longer need and update the passwords of others when I feel like it.
WebAuthn is be a great step forward in this wild jungle of passwords / sensitive information and related breaches.
A standard API that websites can adopt to interact with authentication devices, such as security keys or biometric sensors.
This eliminates the need for users to enter their password on the website, and especially remember, managing and keeping them secure.
Encryption is at the heart of this biometric authentication standard, and the user is authenticated directly by the authentication device.
The website is only given a cryptographic proof that the user is who they claim to be.
Below you can find some links with helpful resources, I highly suggest to check out the demo on https://webauthn.io
Awesome to see the different biometric and security key options that are available.