Matthew Miller
@iamkale.millerti.me
#passkeys expert. Creator of SimpleWebAuthn, maintainer of py_webauthn, steward of webauthn.io. Video games and 3D printing fill my downtime. Oh and I blog sometimes over at blog.millerti.me 😎
My opinions are my own.
My opinions are my own.
Twitch chat integration when
November 5, 2025 at 7:19 PM
Twitch chat integration when
Can I interest you in WebAuthn's Virtual Authenticator browser automation API? It's great for setting up automated end-to-end front end tests if you're running them in an actual browser. It automates the user's interaction with WebAuthn's modals w3c.github.io/webauthn/#sc...
Web Authentication: An API for accessing Public Key Credentials - Level 3
w3c.github.io
November 3, 2025 at 10:52 PM
Can I interest you in WebAuthn's Virtual Authenticator browser automation API? It's great for setting up automated end-to-end front end tests if you're running them in an actual browser. It automates the user's interaction with WebAuthn's modals w3c.github.io/webauthn/#sc...
Gotta get the timeline back to fun video game and programming stuff. I can lean on my RSS setup to keep up with (filtered, non-real-time) current events.
October 31, 2025 at 5:44 AM
Gotta get the timeline back to fun video game and programming stuff. I can lean on my RSS setup to keep up with (filtered, non-real-time) current events.
Affinity is still absolutely massive - download a 980MB file into an uncompressed 3.5GB executable 😵
October 30, 2025 at 8:18 PM
Affinity is still absolutely massive - download a 980MB file into an uncompressed 3.5GB executable 😵
And I recently updated my two-year-old PRF blog post to add a header that discourages naive use of PRF blog.millerti.me/2023/01/22/e...
Encrypting Data in the Browser Using WebAuthn
My sneakernet hacker fantasies are becoming reality 👟
blog.millerti.me
October 30, 2025 at 2:51 PM
And I recently updated my two-year-old PRF blog post to add a header that discourages naive use of PRF blog.millerti.me/2023/01/22/e...
I intentionally don't make PRF simple to use and never will simplewebauthn.dev/docs/advance...
PRF | SimpleWebAuthn
Use of WebAuthn's prf extension dangerously ties vital encryption information to a user's
simplewebauthn.dev
October 30, 2025 at 2:45 PM
I intentionally don't make PRF simple to use and never will simplewebauthn.dev/docs/advance...
This is why a small contingent of us have been politely discouraging people to use PRF, because of that footgun in particular.
To be fair to some credential managers, I think they've come around and are trying to use PRF to encrypt an unlock token for local access, not E2EE of the entire vault 🤔
To be fair to some credential managers, I think they've come around and are trying to use PRF to encrypt an unlock token for local access, not E2EE of the entire vault 🤔
October 30, 2025 at 2:17 PM
This is why a small contingent of us have been politely discouraging people to use PRF, because of that footgun in particular.
To be fair to some credential managers, I think they've come around and are trying to use PRF to encrypt an unlock token for local access, not E2EE of the entire vault 🤔
To be fair to some credential managers, I think they've come around and are trying to use PRF to encrypt an unlock token for local access, not E2EE of the entire vault 🤔
Another slam dunk campaign slogan the Democrats will absolutely not capitalize on
October 28, 2025 at 2:46 PM
Another slam dunk campaign slogan the Democrats will absolutely not capitalize on
My shitposting did not contribute to his arrival therefore I will be deemed unworthy
October 27, 2025 at 4:58 PM
My shitposting did not contribute to his arrival therefore I will be deemed unworthy
Hey my dude, I'm the guy who made the library and I think it's okay to make mistakes so long as you learned something new from it. Think of it this way: now you know why LLMs are wrong when they suggest that WebAuthn should support optional mediation!
Good luck on whatever you're working on 😌
Good luck on whatever you're working on 😌
October 23, 2025 at 1:54 PM
Hey my dude, I'm the guy who made the library and I think it's okay to make mistakes so long as you learned something new from it. Think of it this way: now you know why LLMs are wrong when they suggest that WebAuthn should support optional mediation!
Good luck on whatever you're working on 😌
Good luck on whatever you're working on 😌
That Kid Pix shirt 👨🍳 💋
October 19, 2025 at 2:16 PM
That Kid Pix shirt 👨🍳 💋
I'm a library maintainer that publishes to both now. I'll continue publishing both because I want to target as much of Node, Deno, CF Workers, etc... as I can, and NPM may never get native JSR support.
I think if I wrote something specifically for Deno I'd simply publish to JSR for how easy it is 🤔
I think if I wrote something specifically for Deno I'd simply publish to JSR for how easy it is 🤔
October 9, 2025 at 8:46 PM
I'm a library maintainer that publishes to both now. I'll continue publishing both because I want to target as much of Node, Deno, CF Workers, etc... as I can, and NPM may never get native JSR support.
I think if I wrote something specifically for Deno I'd simply publish to JSR for how easy it is 🤔
I think if I wrote something specifically for Deno I'd simply publish to JSR for how easy it is 🤔