deployment checklist is now available.

This new content summarizes all the passkey best practices we can think of when a website deploys a passkey system, such as:

  • Use AAGUID to identify the passkey provider and to name the credential for the user.
  • Prompt for local passkey creation if the user has signed in with a cross-device passkey.
  • Verify the user with the strongest authentication method available to them before allowing them to create a passkey.

You can use this checklist to build the best possible passkey implementation, or to see if there is anything you can improve by comparing it with your existing deployment.

Check out our passkey deployment checklist here: web.dev/articles/passkey-check

If you have any feedback on this content, please let me know!
