Passwordless.ID - Roadmap
Passwordless.ID is a free public identity provider allowing users to sign in/up in web apps using their fingerprint, face recognition or local authentication mechanisms like swipe pattern or PIN code. The results are no more passwords, a much smoother user experience and vastly improved security. It provides two-factor authentication using a single touch or a smile in the camera. Awesome, right? Try it now, it's a public service free forever, no account necessary!
Things have been calm lately as I had to shift my focus to other tasks in my life. Nevertheless, things are going forward, although at a slower pace than I would wish to be.
For those who are curious about where it's headed to and what's still to be done, I invite you to check the following roadmap!
The next steps are (at last) verifying the user's e-mail. In case you haven't experienced yourself, Passwordless.ID does not require an e-mail at all. It's optional. However, it's both important information to verify if it is provided, and a potential recovery mechanism in case of device loss.
Since only registered devices can be used to authenticate the user, the only "safe" way to use Passwordless.ID is to register at least a second device.
However, this is currently not so obvious. ...I would even say "dangerous" right now because an average user would not be aware that losing their device would make their account inaccessible. That's also why there is a TODO on the roadmap: to make such information more obvious in the UI and encourage the user to register a second device or verify e-mail/phone information during registration itself.