Announcement for our lovely forum users: You can now add a passkey to your account by navigating to your User Preferences → Security page.
After adding a passkey to your account, you will be able to sign in to the forum without a username and password, with the “Sign in with a passkey” button:
Signing in with a passkey bypasses two-factor authentication on your account when logging in. If you want to always require a password and a security key, you should not add a “passkey” to your profile, you should only add a security key in your “Two-Factor Authentication” settings.
You cannot disable password logins after adding a passkey. You can prevent password logins from accessing your account without a security key by additionally adding a security key in your “Two-Factor Authentication” settings.
i tried to create a passkey on my google account with my physical security key using the same browser and OS and it worked.
There seems to be some another issue relating to the website implementation of passkeys.
Though i would like to know more about how passkeys are technically different from webauthn.
setting a password had been a standard part of sign up process for all forums since years. And passkeys are relatively new , so they may not be giving it as a default option yet at time of sign up. Password is set to make it kinda backup method to login since not all may not be comfortable using passkeys everytime.
I don’t think its a limitation to passkeys since we can login without password easily, its just the current process followed is different.
I don’t think there’s any technical reasons you couldn’t make a Passkey-only authentication method, I think Discourse just chose not to implement it for whatever reason. Not sure what that reason is.
I hope Passkey-only authentication will be a thing at some point. I don’t see a point in Passkeys if I still have to generate and store passwords. Getting rid of them entirely would be amazing, though.
Once the initial rollout of the feature is complete, we may consider making the following improvements:
Allow setting up a passkey on account creation
Allow passkeys to be used when confirming sensitive actions (currently supported in the Security tab of User Preferences but not in some admin-only screens)
Turns out Discourse developers are possibly planning on allowing registration with passkeys instead of passwords.