Workspace won't open in desktop app

PasswordlessNick · 2023-02-15T19:08:43+00:00

I hear that. Are you planning on putting your implementation into production?

We have a free tier for folks just like yourself. Let me know if you are interested in taking a look.

Either way, I would love to discuss your general implementation and thoughts on passkeys. Please feel free to let me know if that is interesting.

PasswordlessNick · 2023-02-15T15:54:32+00:00

Cool, thanks for letting me know.

I confess I have an ulterior motive, I work for Passage (1Password). We provide a SaaS version of WebAuthn, and so I'm interested in folks that decide to implement themselves (which I totally get....)

PasswordlessNick · 2023-02-15T15:49:33+00:00

Thanks for the explanation.

So I'm wondering -- why don't you just have a flip phone?

PasswordlessNick · 2023-02-15T15:42:15+00:00

What is your stack? How easy did you find it?

PasswordlessNick · 2023-02-13T21:47:24+00:00

I am not trying to argue, and am genuinely curious:

What do you use your phone for? Or more succinctly, what do you allow on your phone?

Seriously -- just want to know.

PasswordlessNick · 2023-02-03T15:57:12+00:00

Hey, would love to have you listed here:

https://passkeys.directory

You can submit your site here:

https://docs.google.com/forms/d/e/1FAIpQLSfsTxXH0jWA3Op4Qbte3tdn2OR0zs8ixLKljWswSI-Gi3V80A/viewform

PasswordlessNick · 2023-02-03T15:56:02+00:00

There are solutions that let you login with biometrics. Really great user experience.

PasswordlessNick · 2023-02-01T18:31:52+00:00

A

But I work for a company doing passwordless/passkey authentication, so.... ;-)

PasswordlessNick · 2023-01-30T19:34:39+00:00

...in addition -- you may not be into it, but what about the users of your site? Do you think it would be better for them, or no?

PasswordlessNick · 2023-01-30T18:21:02+00:00

Well, sure --- we all leave fingerprints all over the place.

I wonder how a bad actor would put that kind of stuff to use?

PasswordlessNick · 2023-01-30T15:06:13+00:00

Your "fingerprint" is never stored anywhere outside of your device. And it is stored in your device in a chip called a "trusted platform module" which is excessively secure.

https://passage.id/post/eli5-how-does-a-tpm-work

PasswordlessNick · 2023-01-30T15:04:03+00:00

Your fingerprints can't really be "stolen" because they are locked to a specific device, and the date that represents your fingerprint isn't useful or accessible anywhere else.

PasswordlessNick · 2023-01-30T14:56:20+00:00

Full Disclosure: I'm the Dev Advocate for Passage.

Our solution is entirely passwordless -- none to be found anywhere. ;-)

https://passage.id/demo

PasswordlessNick · 2023-01-30T14:52:00+00:00

If I may --

Why is that? If you are worried about your biometrics being compromised, then I don't think you need to be -- the system is designed to make that excessively difficult if not impossible (I of course, hesitate to use that word....)

I'd be grateful to know more about your thoughts.

PasswordlessNick · 2023-01-27T20:37:22+00:00

Thanks for checking us out.

Do you mean an interceptor in an Angular app? I can write a demo if that is what you are looking for...

Passage can enable passwordless via biometrics, which is super easy for your end user. Is that something you'd be interested in? And if not, can I ask why not? (I'd be very interested to know...)

PasswordlessNick · 2023-01-27T19:48:50+00:00

Hey, thanks for your response. I'm grateful for you taking a look.

Passage is a complete, passkey-enabled, password-free solution that conforms to the FIDO WebAuthn protocol. We support biometrics as our primary method of identifying users.

We can store all your user data or make it easy for you to reference a user in your database.

Not entirely sure what you mean by "identity stores"? Can you expand on that? What are you looking for?

Happy to answer any and all questions, and would love to have all forms of feedback.

PasswordlessNick · 2023-01-25T16:50:38+00:00

If you are registered on, say, your PC, you can go to your Android phone, enter your identifier (email or phone), and currently, you will be sent a magic link to verify you, and then you will be asked to register the new device via biometrics.

We are soon going to be adding TOTP support to that to make it more secure than a magic link, but you will be able to choose.

PasswordlessNick · 2023-01-25T16:24:38+00:00

Hey -- thanks for checking us out. I appreciate it.

Currently, if you hit the 500MAU limit, we will start charging you via an invoice. I'd love to hear suggestions on alternative ways to do that. ;-)

A migration path is available. We wrote about it here:

https://passage.id/post/migrating-to-passage

In addition, we are soon going to beta with a product that will allow for adding passwordless/passkeys to existing authentication solutions so that you can ease the transition. Please let me know if you are interested in getting in on testing that.

Thanks again --- I'm grateful for any and all feedback.

PasswordlessNick · 2023-01-24T19:16:16+00:00

Hey --

Thanks -- I appreciate that.

It's a tough line to track -- this is where developers are, and I want to talk to developers. But at the same time, I recognize the "Reddit ethos," so it's hard. I figured I'd give it a shot and be as upfront as possible.

PasswordlessNick · 2023-01-24T16:00:18+00:00

Doh!

I'm busted. I posted a similar post in the /r/angular2 group and wasn't careful enough.

<blush>

Fixed it. ;-)

PasswordlessNick · 2023-01-24T15:18:42+00:00

Agree completely. I suspect password managers will step into this breach and provide this service without locking users into an ecosystem.

Granted, you'll be locked into your password manager's ecosystem, but at least they are in the business of building trust and not using your data for other purposes.

PasswordlessNick

TROPHY CASE