Thanks for the comments. This is a strange feeling. I rarely feel so at odds with the general opinion.
My experience is, passwords are a 1 second affair: open website, tap credential highlighted by password manager, trigger Face/Touch ID or whatever exists on Android/Windows, done.
Email experience: open website, click login, get some link, go to another app, wait for it to pull emails, look for email, open email, click link, opens in browser, maybe not the same browser where you opened the app, so go back and copy link, realize copying links from email buttons is not easy on mobile, finally log in.
If this is where you guys want this to go, it sucks. How can we improve it? Maybe we need to implement some way to do what Apple does when you get a 2FA code via SMS? It just shows it to you in app instead of having you open Messages app?
We have passkeys… unfortunately it doesn’t seem like the narrative really took hold in the mainstream.
I’ve been building an app with passkey auth as the default and people are surprised that such an experience exists.
Can you explain what stack you use to build it? Do all of them support it easily?
I’m using Keycloak as my auth server. Took a bit to figure out the configuration necessary.
Tbh I don’t feel like most providers (including Keycloak) are offering strong, turn-key solutions for this.
The closest I saw to streamlined passkey support that you can host yourself is from Hanko.io - that provider didn’t work for my use case but something to consider.
Different people have different experiences.
You and I use a password manager.
Many don’t. They reuse the same password or create a password and forget it. Both are worse scenarios than a magic link or a one-time code.