How do you handle scenarios where the user’s device environment changes significantly? For example, if they clear their IndexedDB or switch devices? Does session-lock manage to maintain security in these cases?
That's a fair point for services that limit use based on number of concurrent devices/streams. There are, however, many services that explicitly state the account may only be used by a given single user and those providers will seek legal action if that user shares their account. This ultimately leads to significant pain for both the company and user.
That's a fair point and something we're definitely looking into. Ultimately, if you are interested in our SDK, we'll need to have an implementation conversation and can discuss pricing at that time, but it's definitely something we're considering updating. Thank you for the feedback.
haha - you guessed it! Draft 0.1 was to be named Keyri while owning the .ng domain name to create Keyri.ng. We opted against the Nigerian domain but kept Keyri.
Just checked out SaaS pass and it is definitely a robust "auth in a box" solution. Thank you, yes ultimately the goal is to eliminate account takeovers and consumer headaches - we think we have the ideal solution but also look forward to other players pushing the passwordless agenda forward.
Thanks very much! Yes, agreed, the number of authenticator apps is becoming annoying at best and arguably daunting - not to mention the prevalence of "sign in with ___" which has left consumers confused about whether they've leveraged Google, Facebook, Apple, Xero, Github, Discord, etc for each service.