Feb 19 · 5 min read · When designing a passwordless-first PWA architecture, the diagram looks elegant. In production, elegance collides with: browser inconsistencies, institutional identity constraints, support tickets, device lifecycle chaos, monitoring blind spots, Le...
Feb 19 · 5 min read · When teams adopt WebAuthn or FIDO2, the excitement is understandable: No passwords. No phishing. No credential stuffing. Biometric UX. Public-key cryptography. It feels like the final answer. But WebAuthn answers exactly one question: Can thi...
Feb 18 · 6 min read · WebAuthn gave us phishing-resistant, device-bound authentication. But devices get lost. Browsers reset. Users switch laptops. Institutions manage identities centrally. That’s where OIDC (Feide) enters — not as a competitor to passwordless, but as stru...
Feb 17 · 7 min read · WebAuthn looks deceptively simple at a high level: generate challenge, call browser API, verify signature, done. In practice, it is not that simple. WebAuthn is cryptographically elegant but operationally unforgiving. Small mistakes create subtle se...
Feb 16 · 6 min read · Modern authentication diagrams are clean. Real systems are not. My architecture intentionally combines: WebAuthn (FIDO2) for phishing-resistant authentication; Feide (OIDC) for federated identity, recovery, and bootstrap; SQL Server for credential p...
Feb 10 · 6 min read · If you read the WebAuthn specification end to end, you’ll come away with two thoughts: This is extremely well designed. No human should be expected to learn it this way. WebAuthn didn’t appear to make logins prettier. It exists because the web ne...