7
5 Comments

Curious to know why aren't devs implementing WebAuthn for their sign-up & login flow

I'v always wondered why companies aren't investing in going passwordless and in particular implementing WebAuthn(https://webauthn.io/) into their websites? This is a way to allow users to login with bio-metrics and could literally help replace passwords.

  1. 2

    WebAuthN works great on mobile devices because users have a security device built-in, their phone. On desktop, unless I’m missing something, people would need a security key like Yubikey. That’s a big paradigm shift for people and is probably the reason adoption hasn’t been so great.

    1. 1

      On desktop, yes, I can see how that could be a big problem.

      But given that so many of us use laptops that have TouchID or Windows Hello built in, thought that more devs would be taking a shot at it.

      Especially, if it’s it’s B2B because companies usually hand out laptops that are fairly new & most of them have some sorta finger print reader on it

  2. 2

    We use AWS Cognito which does support WebAuthn

    https://aws.amazon.com/blogs/security/how-to-implement-password-less-authentication-with-amazon-cognito-and-webauthn

    but like anything else customers have to ask for it before we would turn it on. I don't think it's a popular enough feature for us to implement without a request.

    1. 2

      But I'd say, so many customers don't even know what WebAuthn is or if it even exists!
      So waiting for them to ask for something they don't even know about, will never happen. Almost feels like devs should take a gamble and implement it (for 3/4 months) and see what users think.

      Have you used WebAuthn.io? what were your thoughts on it as an end user?

    2. 1

      How did you find it was to implement it using the cognito docs & sample code? Found in general docs on the topic in general to be very minimal and painful and any attempt to do it from scratch using the W3C source docs (https://www.w3.org/TR/webauthn-2/) is a nightmare.

      And yeah, it does feel like enough people don't know about it to request it.

Trending on Indie Hackers
Rant about the link building industry 19 comments Any indie hackers creating tools for the nonprofit sector? 11 comments 44 products by bootstrapped startup founders you can use 5 comments Small creators were preferred over big brands for Black Friday & Cyber Monday 4 comments Product Hunt Launch Breakdown: #4 Product of the day Hive Index 2 comments I want to quit regardless of the big amount of money VC are offering 2 comments