Passwords are bad. Often, they are the cause of data breaches. They are too short, too easy to guess, shared across multiple sites, and repeatedly stored. That has to change. FIDO2, with the underlying WebAuthn and CTAP2 specifications, seems to have the ability to move us to a passwordless world.
I tried to make an existing application on IBM Cloud support passwordless login. Here is what I did and how I succeeded.