
androidbishop | 2 years ago

Uh, what?

1. There are pretty damned good reasons to use a single sign-on (SSO) authentication across all company resources. Managing multiple accounts for every employee across every service is a prohibitively burdensome and messy affair, error-prone, inconsistent in policy enforcement and quality of security, features that would be difficult to roll out on your own, the list goes on. SSO is an absolute must in any modern organization.

2. WebAuthn just a marketing scheme? It's a pretty big jump forward in authentication security, protocol, user experience, etc. It eliminates passwords, the cornerstone of authentication for as long as computers have even had authentication, and the #1 cause for security breaches by far. It does away with the need for 2FA. It allows users to use a range of devices to easily authenticate themselves without the need to juggle credentials for every account they have. It uses public/private key cryptography, a robust standard for security for years, uniquely for each site, attested to prevent fake hosts from registering keys, and all automatically managed behind the scenes so nobody has to go through the painful song and dance of creating and managing their own keys anymore. And it does all of this with a universal and open protocol that is currently already baked into most browsers. Seems like a pretty big deal to me, and certainly a big enough deal for huge companies and services like Google, GitHub, Microsoft, etc. to have prioritized its development and rollout.
