Security - Add support for passkeys
Passkeys are the newest and strongest form of passwordless authentication, built on the WebAuthn/FIDO2 standards. Instead of a password, a passkey uses public-key cryptography stored securely on a user’s device (like Face ID, Touch ID, or Windows Hello). When a user logs in, the device signs a challenge with the private key, and the server verifies it with the public key—meaning nothing secret ever travels over the internet.
Key points about passkeys:
Passwordless by design – users don’t type anything in; authentication happens with biometrics or device unlock.
Phishing-resistant – since the login only works on the legitimate domain, attackers can’t trick users into handing over credentials.
Cross-device sync – Apple, Google, and Microsoft support syncing passkeys across devices via their cloud ecosystems, making it more convenient than hardware keys.
Drop-in replacement – many apps present passkeys as “sign in with your device” instead of typing a password.
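The challenge signing and domain binding described in the post above, as an added example that is not part of the original post or of any product's code: the checks a server runs on a WebAuthn sign-in assertion, in Node.js. The relying-party ID `example.com`, the origins, the function names, and the locally generated P-256 key pair standing in for a device authenticator are all assumptions; the public key is held as a Node key object rather than parsed from a stored COSE key.

```javascript
// Added example: server-side checks on a WebAuthn sign-in assertion (ES256).
const { createHash, generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

const RP_ID = 'example.com';            // assumed relying-party ID
const ORIGIN = 'https://example.com';   // assumed expected origin
const sha256 = (data) => createHash('sha256').update(data).digest();

// Stand-in for browser + authenticator (hypothetical helper): builds
// clientDataJSON and authenticatorData, then signs authData || SHA-256(clientDataJSON).
function makeAssertion(privateKey, challenge, origin, rpId) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin,
  }));
  // authData layout: rpIdHash (32) | flags (1, 0x05 = UP|UV) | signCount (4)
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signature = sign('sha256', Buffer.concat([authData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authData, signature };
}

// Relying-party verification: returns 'ok' or the name of the first failed check.
function verifyAssertion(a, publicKey, expectedChallenge) {
  let client;
  try { client = JSON.parse(a.clientDataJSON.toString('utf8')); } catch { return 'bad clientDataJSON'; }
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== ORIGIN) return 'origin mismatch';
  if (a.authData.length < 37) return 'authData too short';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  if ((a.authData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

// Constructed sample data: one valid assertion and three that must be rejected.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const challenge = randomBytes(32);    // fresh per login, stored server-side
  const good = makeAssertion(privateKey, challenge, ORIGIN, RP_ID);
  const other = makeAssertion(privateKey, challenge, 'https://other-site.test', 'other-site.test');
  const tampered = { ...good, authData: Buffer.from(good.authData) };
  tampered.authData[32] ^= 0x04;        // flags changed after signing
  return {
    good: verifyAssertion(good, publicKey, challenge),
    otherOrigin: verifyAssertion(other, publicKey, challenge),
    staleChallenge: verifyAssertion(good, publicKey, randomBytes(32)),
    tampered: verifyAssertion(tampered, publicKey, challenge),
  };
}
console.log(demo());
```

Only the public key and the per-login challenge are held by the server; the private key never leaves `makeAssertion`, which plays the device's role here.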
Thanks, Alex, for adding all the ideas - well received and will be considered.