Technical Insights from Building Passkeybot: Lessons on Passkey Implementation and WebAuthn
Interesting things about passkeys in webauthn
Read the full articleYou might also wanna read

Why don’t major apps like Instagram, Netflix and Spotify offer passkeys yet?
Major apps like Instagram, Netflix, Spotify seem to have no passkey adoption yet however, there is a new website that is drawing attention t
Debate: Best Practices for Authentication in Modern Web Applications
A discussion has emerged on Hacker News around the most secure methods for handling authentication tokens in modern applications. The post l
MCP Credential & Secret Management: Securing API Keys, Tokens, and Passwords
How to securely manage credentials in MCP servers.
Specifications
The two primary technical specifications that work together to enable passkeys are Web Authentication, commonly referred to as WebAuthn, and
iOS 26 adds post-quantum ML-DSA keys in Secure Enclave; Android support remains partial
Apple's iOS 26 introduced hardware-backed ML-DSA post-quantum signing keys inside the Secure Enclave, using a familiar CryptoKit API that ti
Authentication token storage in modern web apps: A security-focused analysis of localStorage, cookies, and in-memory approaches
Where should your auth token live so an XSS bug can't steal it? Here's how to build auth that survives the crazy non-secure world we live in
Authentication token storage in modern web apps: A security-focused analysis of localStorage, cookies, and in-memory approaches
Where should your auth token live so an XSS bug can't steal it? Here's how to build auth that survives the crazy non-secure world we live in

Comments
Sign in to join the conversation.
No comments yet. Be the first.