Why I Joined Hawcx - Dr. Michael B. Jones


Dr. Michael B. Jones

Hawcx and I share a vision for secure, seamless, passwordless authentication.  We are working to see it widely deployed to make life better for people worldwide.

I have put years of my life into the WebAuthn and FIDO2 standards efforts trying to make this happen.  It’s a partial success but still very much a work in progress in terms of adoption and security guarantees.  Hawcx is fully aware of both the achievements of the FIDO approach and the impediments to its adoption.

It’s attractive to me that Hawcx is innovating in the passwordless arena, incorporating learnings from FIDO, but also employing innovative approaches where they add value.  Hawcx wants to create both a great user experience and a highly secure infrastructure.  There’s a freshness to this approach that I admire.

Hawcx has created a passwordless login solution that doesn’t have many of the downsides that we’ve been struggling with in FIDO for years.  No synced passkeys.  No AirDropping them – including no AirDropping them to phishers.  Deployments are not dependent on the security of the “sync fabrics” operated by the platforms and password managers.  Instead, each device has its own secured private key used at the RP that is never exported or shared.

While it’s not often said directly, one factor limiting FIDO and WebAuthn is that the browser vendors are gatekeepers to innovation in the Web platform.  Unless two and ideally all of them decide to build something, the initiative is dead in the water.  Follow the journey of the Device-Bound Public Keys (a.k.a. Supplemental Public Keys) extension, which would have let RPs know if a new device was being used.  It was in the spec, not built by the browser vendors, and then out of the spec as a result.  In a world of synced passkeys, this was critical for higher-value sites to be able to meet their compliance and security requirements.  But we’ve been stuck for years.  In comparison, the Hawcx approach is browser and platform agnostic and not gated on choices made by Apple, Google, Microsoft, and Mozilla.

No, I’m not giving up on standards.  I’ve poured my professional life into them, and Hawcx fully supports me in this.  I have a track record of credibility from consistently speaking the truth and achieving outcomes that benefit the entire industry.  I will bring that same credibility and ethos to my standards engagements on behalf of Hawcx.  Hawcx plans to positively influence the Web platform based on their experience for the betterment of all, through WebAuthn and FIDO.

I’m excited about this new journey!