I've noticed articles popping up about Passkeys. A Passkey authentication scheme is very simple. The server sends a random challenge, the client signs it with their Passkey thingy, then sends back the signed data and public key. When they want to log in, the server sends them all their public keys, and maybe some random ones too, and a new challenge. The client signs the challenge and sends the public key, key id, and signed data back. (It also has some other data, like the number of times the key was used, so you can update your data on the server.)
If you use "Windows Hello" or whatever they call their passkey scheme, make sure to add another passkey as a backup!!! MS is common for "oops we f'd up, our bad" I guess.
A hardware device such as a YubiKey makes a good Passkey token.
GitHub - arduent/passkey-credentials: minimal example using webauthn-framework to provide Passkey authentication to your web site
https://www.pcworld.com/article/2763275/so-long-passwords-5-easy-ways-to-use-passkeys.html
https://www.zdnet.com/article/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight/
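The challenge-response flow described in the post, as an added sketch that is not part of the original post or of the linked arduent/passkey-credentials project. It is a simplified Node.js model, not the real WebAuthn message encoding; the in-memory stores, the function names and the `challenge|counter` signed format are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
// Hypothetical in-memory server state for this sketch.
const credentials = new Map(); // keyId -> { publicKey, counter }
const pending = new Set();     // challenges issued and not yet consumed
function newChallenge() {
  const c = crypto.randomBytes(32).toString('base64url');
  pending.add(c);
  return c;
}
// True only for a fresh challenge signed by `publicKey` (signed data: "challenge|counter").
function checkResponse(publicKey, challenge, counter, signature) {
  if (!pending.delete(challenge)) return false; // unknown or already used: replay
  return crypto.verify('sha256', Buffer.from(`${challenge}|${counter}`), publicKey, signature);
}
// Registration: the only time the server accepts a public key from the client.
function register(keyId, publicKey, challenge, counter, signature) {
  if (credentials.has(keyId) || !checkResponse(publicKey, challenge, counter, signature)) return false;
  credentials.set(keyId, { publicKey, counter });
  return true;
}
// Login: verify with the STORED key, then require the use counter to increase.
function login(keyId, challenge, counter, signature) {
  const cred = credentials.get(keyId);
  if (!cred || !checkResponse(cred.publicKey, challenge, counter, signature)) return false;
  if (counter <= cred.counter) return false; // stale counter: possible cloned key
  cred.counter = counter;
  return true;
}
// Stand-in for the authenticator: holds the private key and a use counter.
function makeAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  let counter = 0;
  const sign = (challenge) => {
    counter += 1;
    return { counter, signature: crypto.sign('sha256', Buffer.from(`${challenge}|${counter}`), privateKey) };
  };
  return { publicKey, sign };
}
function demo() {
  const auth = makeAuthenticator();
  const c1 = newChallenge();
  const r = auth.sign(c1);
  const registered = register('key-1', auth.publicKey, c1, r.counter, r.signature);
  const c2 = newChallenge();
  const a = auth.sign(c2);
  const first = login('key-1', c2, a.counter, a.signature);
  const replay = login('key-1', c2, a.counter, a.signature); // same response sent twice
  return { registered, first, replay };
}
```

The replayed response is rejected because each challenge is consumed on first use, and a response signed by any key other than the one stored at registration fails verification.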