This is incredible. I wonder when an LLM will pull this knowledge out to help someone down the line who would never have had the craft to pull this off, as it requires so much depth and broad skill. Admirable.
When building, did you not have the thought or feeling that you would prefer the actual Claude Code and Codex harness to run, rather than just the SDKs also for your Agents?
This rant is utterly factless and at an absolute novice level. It is correct that building a passkey-first system (without fallbacks) is not possible today, but that's like going all in on Google Social login and then ranting about why not all users can access the system.
Exactly, the average consumer is the most vulnerable in this landscape. Passkeys, in particular, seem like a promising solution to simplify authentication and protect average consumers. With better integration across platforms, could passkeys be the bridge that balances security and convenience for the 'average consumer' without requiring them to be privacy or tech experts? Most of them share much more valuable information in the cloud already (from privacy perspective)…
You're right about the growing friction between security and user experience, especially with the increasing sophistication of threats. However, if we don’t move towards more seamless & secure authentication methods, won’t we risk stagnating in terms of security? The average consumer is at risk, the privacy-savvy user can avoid that easily, the question is how do we help the "average consumer"?
I guess from a tech perspective, we can now create solid connections between clouds and consumer accounts without the need for social logins (device/cloud -> websites). We will be flying to Mars and have self-driving cars, yet we still have to juggle passwords and password managers.
I think passkeys will bring us automatic authentication, where you can establish an automatic login with consent across all operating systems. The operating system would silently log you in the background. Do you think this could lead to privacy discussions, even if it adds security?
That is the next interesting point. At the moment, you are right; there is no third-party password manager support on Windows. However, when they integrate synced passkeys, they might offer that. I think, until now, there has been no strategic value in leveraging access management for customers. Once you have a passkey in your cloud, you have a connection with a website forever (unless you revoke it). The future is an automatic login via passkeys (with user consent, of course).
What changed: Apple & Google want to enter deeper into customer connection and at the same time offer a more secure and convenient authentication for their customers.
I am one of the Co-founders. We have heard from members of the FIDO2 community who are closer to Apple that this will probably happen. You are right that Apple could also be positioned more as a password manager on other platforms; we have considered this. However, this is not how most people currently perceive it.
Google releasing this functionality to production is relatively new for those outside the passkey community, although it is not surprising when following Chrome Dev.
Overall, the tendency of Apple and Google to focus on passkeys for consumers and make them accessible is an interesting angle. In our blog, we frequently discuss password managers; in fact, we are also 1Password customers. Passage is a part of 1Password that operates in the same field as we do, likely because they recognize a potential threat from Apple and Google in the consumer space.
For companies implementing passkeys this is quite a significant change, because now a Chrome can carry a passkey that used to be a cross-device case before. The ecosystem is getting more complicated...