P2
Go passwordless
Register a passkey, then sign back in with it.
- 1
On your account page, register a passkey.
The private key stays in your device’s secure hardware; the server only ever stores the public key (verified with a hand-rolled WebAuthn + CBOR + COSE stack).
- 2
Log out, then sign back in with the passkey.
Login verifies a fresh challenge signature — no password to phish, replay or leak.
Do it
This one happens on your account page — register a passkey, revoke a session, or enroll TOTP there.
Go to your account →Learn the theory
🩻 X-ray — what actually happened
Your own insert-only audit trail — the real server events, sanitized (never a secret), each linked to the lesson that explains it.
Loading…