I’m not sure where this question belongs. It’s not necessarily for developers but it’s just wonky enough that I couldn’t find a topic area in the Help Center where it fit real well.
I’m just curious if Micro.blog has considered implementing support for Passkeys when logging into the site? I’m noticing more widespread adoption recently, including Google, where I can log in with Face ID on iPhone and a thumbprint on a MacBook. I can see how the current process of clicking a link in your email is pretty secure if your email is secure, but it also adds some additional steps for the user.
I tend to use the web site a lot. Although the apps are great, not all features are available yet, so I use my browser to access Micro.blog several times per day. It wouldn’t be as big of a deal if I wasn’t so privacy minded, but I tend to surf in either incognito mode or clear my browser cache pretty frequently. This creates the need to login several times per day when cookies are cleared or the session ends. Passkeys would streamline the login for users in a very secure way.
Recently when I logged out of the Micro.blog iPhone app I saw “Sign up with Apple”. Is this maybe a sign that “Sign in with Apple” may be coming? Anywhere else on the web, a “Sign in with Apple” (and even as of last month - “Sign in with Google”) causes the Passkey request if you have it setup properly. I think allowing sign-in from either of those sites would probably cover most people, but I also don’t know anything about how this sort of thing is implemented or if it makes sense for Micro.blog, but I wanted to ask. Thanks.
Yes, we’ve been looking into Passkeys and plan to support it. I also want to add Sign in with Apple on the web version of Micro.blog. Thanks!
Because Apple’s WWDC is just around the corner in a couple of weeks, we’ll wait to see if there are any changes announced there and then move forward with whatever makes the most sense.
Unfortunately not much progress on Passkeys. I still want to support it. I think when we added Sign in with Apple, some of the urgency for Passkeys dropped off.
Now that it has been a while, are people using Passkeys successfully on other web sites? I haven’t heard much about them recently, but maybe that’s because everything is working smoothly.
The main reason I don’t use “Login with Apple” is that my personal and work devices use different Apple accounts. With Passkeys, I would be able to use all devices, either by associating the device with the service or via QR code.
Regarding Passkeys, I use them on pretty much every website I can.
Yeah I use passkeys anywhere they’re offered to me, and 1password lets me know when a site supports passkeys where I haven’t yet generated one. Especially for sites where I have to either follow an email link to login or do something on another device, the passkey support means I only have to click login (because in order to use my passkeys, I already had to do two types of auth). The Apple one is ok but for example, I had to click it, then click allow on my ipad and then type in a code. That would have just been one click with a passkey.
I use passkeys where ever I can (through 1Password). I don’t like using my phone or device since it’s too reliant on it. And this is where I have seen it fail. CVS is my big example (but may have been updated since it works now, I think?) but at one point, it ONLY allowed for your phone as a passkey. That kind of implementation I did not like.
My other preference is also if a service allows it through the cheaper Yubikey (this is where I don’t fully understand potential limits).