Passkeys for B2B SaaS: what they fix and what they don't
The real security wins, the rollout problems nobody mentions, and an adoption order that doesn't lock users out.
Guides
Practical, opinionated writing on sign-in for software products. Each guide stands on its own; each one also ends with the same recommendation, because we mean it.
The real security wins, the rollout problems nobody mentions, and an adoption order that doesn't lock users out.
Where email-based login genuinely wins, where corporate mail quietly breaks it, and why the answer is per-audience, not either-or.
OIDC vs plain OAuth, account matching, email trust, and the MFA question you must answer before shipping either button.
What exports cleanly, why password hashes never do, and the two strategies that avoid a forced reset day.