ASP.NET Core 8.0 - Users Without Passwords Project

From the beginning of online accounts, we had passwords. Then we got “I forgot my password”. Password recovery processes were developed to reduce support fatigue. The most popular recovery mechanism is a link with a password reset token sent to the user by email. Then we got “I didn’t get the email”. To help mitigate email delivery issues, the online account registration process required a confirmed email address before access is granted. This discourages users from registering because they fear their email address will be sold, stolen, shared, or abused by email spammers. If passwords are removed, the email address can become optional.

The Users Without Passwords Project (UWPP) is the source code for UsersWithoutPasswords. Com. The UWPP is developed with Visual Studio 2022 and the MS Long Term Support (LTS) version .NET 8.0 framework. All Errors, Warnings, and Messages from Code Analysis have been mitigated. The UWPP implements WebAuthn, also known as FIDO2, instead of passwords. Windows Hello implements authentication with an IR webcam for facial recognition, a fingerprint scanner, or just by setting up and using a PIN. See Learn about Windows Hello and set it up.

The UWPP was initially developed back in 2021 with framework .NET 5.0 based on the W3C Recommendation, 8 April 2021, Web Authentication: An API for accessing Public Key Credentials Level 2. Version 2.x of the project was upgraded to .NET 6.0, integrated the ASP.NET Core 6.0 - Homegrown Analytics Project, and implements multiple email addresses per user. I enabled the nullable context and mitigated all warnings and issues. Version 3.x of the project was upgraded to .NET 8.0. Version 4.x of the project is upgraded to support the W3C Working Draft, 27 January 2025, Web Authentication: An API for accessing Public Key Credentials Level 3.

The latest version of the UWPP is published at UsersWithoutPasswords. Com. The project supports multiple FIDO2 authenticators. Users can self-manage authenticators in Manage Account. Admins can list users, authenticators, and histories.