11-Sep-2022, 07:11 AM

Anybody ahead of the game on these?

Raphael Theiler
6-Sep-2023, 02:30 AM
Not with Apple and not with DataFlex (and not in a productive environment) ;)

I used a Yubikey (FIDO security key) in the past as a second factor for authentication (works nicely with DF as well). I recently started storing my SSH keys on the key as well. (Now you can basically forget your password OR lose your (Yubi)key ;))

Having WebAuthn support in DataFlex would be nice. I think it's doable. The WebAuthn API is accessible via JavaScript, and the protocol looks "reasonable" (here is a nice overview with Java examples, charts, etc.: https://developers.yubico.com/java-webauthn-server/ ). The DF security library already supports U2F; according to the "Migrating from U2F" section in the previous link, the change should be "simple".

It looks like Microsoft is starting to support it too ( https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/webauthn-apis )

Even though it would be nice to have, I'm not sure if we actually would use it in our WebApp. I don't think the average user understands how this works (yet). This might change if Apple adopts and promotes this a bit more.

6-Sep-2023, 10:54 AM
Thanks. Good summary, and thanks for the link. I like a few facts to dazzle the auditors :cool: