As someone who’s followed and kept up with browser security for 15 yrs (CORS, CSP, all the security headers, TLS changes) and even the early U2F stuff - passkeys and this webauthn stuff is approaching too-complex territory for me. Maybe I am just jaded by now, but I don’t feel the same about other changes. Like the new Sanitizer APIs are easy to understand and advocate for.
As someone who’s followed and kept up with browser security for 15 yrs (CORS, CSP, all the security headers, TLS changes) and even the early U2F stuff - passkeys and this webauthn stuff is approaching too-complex territory for me. Maybe I am just jaded by now, but I don’t feel the same about other changes. Like the new Sanitizer APIs are easy to understand and advocate for.