We bring you the latest updates from Evan Todd through a simple and fast subscription.
We can deliver your news in your inbox, on your phone or you can read them here on this website on your personal news page.
Unsubscribe at any time without hassle.
Evan Todd's title: Evan Todd
Is this your feed? Claim it!
On my quest to speed-run all the wrong ways to authenticate users, I decided to implement passkeys.
TL;DR: WebAuthn is engineered to handle complex, paranoid enterprise use cases. I don’t think it will fully replace passwords until there’s a simplified API fo...
Folks kindly responded with some criticism of my list of magic link pitfalls. So let’s talk about some more pitfalls!
Magic links are annoyingThis was by far ...
Recently I was surprised to discover that there are several bad ways to do magic links.
The basic idea is: a user hits “login”, enters their email address, and receives an email that allows them to login without a password. What could possibly go wrong?
I work in security, so I already knew a few best practices I would need to implement:
The link should hav...