DEV Community

Arnaud Dagnelies

Universal passwordless authentication - The beginning

For quite some time now, I've toyed with the idea of making an authentication platform... and I'm starting to do it! I'm currently on parental leave, freed from corporate life, and in my evening hours, when the kids are sound asleep, I thought I would give this a shot.

I always found the authentication landscape kind of broken. For both users and developers. On one side, for users, you have to register separately on every damn website, with frustratingly complex passwords while your grandma is again the victim of a phishing attack anyway. On the other side of the fence, just implementing a secure authentication system is a time-consuming piece of work... and with a lot of unexpected complexity (yeah, I'm looking at you, OAuth2!). And if you want something really safe with MFA, oh boy... well, no wonder there are so many paid identity providers. Just for what? Just to authenticate users.

So here it goes, let's simplify that for everyone! Global identities with passwordless authentication. Just put your finger on your phone sensor or look at your laptop's camera to register/login, that's it. If you want to try it out, here it is:

Passwordless

Authentication using TouchID or FaceID for everyone. Less passwords, more security!

dagnelies.github.io

This is all thanks to a recent W3C protocol called WebAuthn. However, no matter how great this protocol is, it also has a big shadow side: its sheer complexity. Hundreds of pages of specs, obscure binary data structures, unintuitive corner cases and so on.

So well, that's why making a "working out of the box service" would make sense to me, and that is what I'm attempting to build here. Ideally for free for everyone, sustained by some magical sponsorships, but this sounds like utopia to me right now. Currently, it's, ahem, just in its early infancy. It's like a baby just looking around, waiting to grow up into a fine service. Heck, it does not even have a proper domain name yet!

So why am I showing such an early, far from finished, completely messy thing? Well, to gather interest. As a solo dev, it's kind of lonely to just develop in the void without any feedback ...and your head is haunted with questions like "is it worth it?" and "will anybody use it anyway?". So, if you like what you see so far, please cheer for me! :D You are very welcome to also tell me what you would like to see next, or just tell me you liked it so far. Thank you for reading!


Top comments (4)

Ravavyr

Love the idea, hope you can turn it into something widely used.

However, aren't fingerprints and face recognition easily fooled currently?

I much prefer typing in my email address for example and using "login with google" currently and relying on google to not get hacked :)

Thoughts?

Arnaud Dagnelies • Edited

The fingerprint / face is used to access a protected (cryptographic) key stored on the device. In other words, as an attacker, you would first need to get your hands on the phone/laptop/other of the person you are trying to impersonate. ... And if you are able to fool the local authentication, you basically have all the rights on the device anyway.
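
The point made in the reply above, seen from the server side, as an added example that is not part of the original thread or the author's service: the relying party never receives a fingerprint or face, only WebAuthn authenticator data whose flags byte reports whether the device verified the user locally. The function names and the sample bytes are constructed for illustration.

```javascript
// Added example: parse the WebAuthn "authenticator data" byte layout.
// rpIdHash (32 bytes) | flags (1) | signCount (4, big-endian), then, when AT is set,
// aaguid (16) | credentialIdLength (2) | credentialId | COSE public key (CBOR).
const FLAGS = { UP: 0x01, UV: 0x04, AT: 0x40, ED: 0x80 };
const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new Error("authenticator data must be at least 37 bytes");
  }
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const flagByte = bytes[32];
  const parsed = {
    rpIdHash: toHex(bytes.subarray(0, 32)), // SHA-256 of the relying party ID
    userPresent: (flagByte & FLAGS.UP) !== 0,
    userVerified: (flagByte & FLAGS.UV) !== 0, // local biometric/PIN check passed
    hasAttestedCredential: (flagByte & FLAGS.AT) !== 0,
    hasExtensions: (flagByte & FLAGS.ED) !== 0,
    signCount: view.getUint32(33, false),
  };
  if (parsed.hasAttestedCredential) {
    if (bytes.length < 55) throw new Error("truncated attested credential data");
    const idLength = view.getUint16(53, false);
    if (bytes.length < 55 + idLength) throw new Error("credential ID exceeds buffer");
    parsed.aaguid = toHex(bytes.subarray(37, 53));
    parsed.credentialId = toHex(bytes.subarray(55, 55 + idLength));
    parsed.coseKeyOffset = 55 + idLength; // CBOR public key starts here
  }
  return parsed;
}

// Relying-party policy: reject responses where the device did not verify the user.
function requireUserVerification(parsed) {
  if (!parsed.userPresent) return { ok: false, reason: "user not present" };
  if (!parsed.userVerified) return { ok: false, reason: "user not verified" };
  return { ok: true, reason: "" };
}

// Constructed sample: 32 filler bytes for rpIdHash, then flags and counter.
function sampleAuthData(flags, signCount) {
  const bytes = new Uint8Array(37).fill(0xab, 0, 32);
  bytes[32] = flags;
  new DataView(bytes.buffer).setUint32(33, signCount, false);
  return bytes;
}

console.log(requireUserVerification(parseAuthenticatorData(sampleAuthData(0x05, 7))));
console.log(requireUserVerification(parseAuthenticatorData(sampleAuthData(0x01, 8))));
```

Checking the signature over these bytes with the stored public key, along with the challenge and origin, is a separate step not shown here.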

Arnaud Dagnelies

Hi. There was still the question pending of "Why not login with google?" that I did not really answer. The response is a little late because it did not really fit as a comment, but I tried my best to answer it in the last section of my latest post ;) dev.to/dagnelies/passwordlessid-fi...

Arnaud Dagnelies

Thanks for all your support!
