Report URI now supports Passkeys as a second-factor authentication (2FA) option alongside existing TOTP. The post explains how Passkeys work using public-key cryptography, why they are phishing-resistant (via the rpId binding to a specific domain), and how Report URI chose to implement them as 2FA rather than a full password replacement. The author also outlines their existing password security measures and teases upcoming blog posts covering a third-party penetration test of the implementation and a Passkeys security whitepaper.
Sort: