Login with Passkeys!! #1599

Merged 33 commits on Jul 2, 2024

@charliescheer (Contributor) commented Jun 12, 2024

Fix

To improve the security of Simplenote accounts, we are trying to move away from email/password authentication as it is insecure at best. One of the things we are implementing is Passkeys. This will allow users to create and store passkeys on their Apple device, and when they go to log into their account, rather than using an email and password, they only need to put in their email and then use the local biometrics to receive a passkey and then authenticate into Simplenote.

This has a bunch of security benefits and should also help users keep from losing their passwords.

Sign up for passkeys:

RPReplay_Final1718384460.mp4

Login with passkeys:

RPReplay_Final1718384268.mp4

Test

  1. Clean install Simplenote on a device (can't access biometrics on the sim). Tap on login and choose to log in with email and password.
  2. Once logged in, go to the menu -> Settings, and in the account section you will see an "Add Passkey Authentication" button. Press that. After a few seconds you will receive a notice from the device asking if you want to create a passkey. Confirm and wait a few seconds. (NOTE: Currently there is no spinner or success/failure indication; that will be in a future PR.)
  3. Log out of Simplenote.
  4. Tap on the Login button and choose Login with Passkeys.
  5. Enter your email and tap on the Login with Passkeys button.
  6. After a few seconds you will be prompted by the device if you want to log in with passkeys; confirm.
  • Confirm you are able to log into your Simplenote account.

Review

(Required) Add instructions for reviewers. For example:

Only one developer is required to review these changes, but anyone can perform the review.

Release

(Required) Add a concise statement to RELEASE-NOTES.txt if the changes should be included in release notes. Include details about updating the notes in this section. For example:

RELEASE-NOTES.txt was updated in 0c4129 with:

Added Passkey authentication support

@dangermattic (Collaborator) commented Jun 12, 2024

1 Warning
⚠️ This PR is larger than 500 lines of changes. Please consider splitting it into smaller PRs for easier and faster reviews.

Generated by 🚫 Danger

@wpmobilebot (Collaborator) commented Jun 12, 2024

You can test the changes in simplenote-ios from this Pull Request by:

  • Clicking here or scanning the QR code below to access App Center
  • Then installing the build number pr1599-ce93a56-01907509-ed91-4002-9863-0c684ba149e0 on your iPhone

If you need access to App Center, please ask a maintainer to add you.

@charliescheer changed the title from "WIP: passkey implementation" to "Login with Passkeysasskey implementation" Jun 14, 2024
@charliescheer changed the title from "Login with Passkeysasskey implementation" to "Login with Passkeys!!" Jun 14, 2024
@charliescheer self-assigned this Jun 14, 2024
@charliescheer added the "[feature] login" label (Anything relating to login.) Jun 14, 2024
@charliescheer charliescheer marked this pull request as ready for review June 14, 2024 16:54
@jleandroperez (Contributor) left a comment

Sending you a few notes, looking great Charlie!!

Review threads on this comment:

  • Simplenote/Classes/SPAuthViewController.swift (outdated, resolved)
  • Simplenote/Classes/SPAuthViewController.swift (outdated, resolved)
  • Simplenote/Classes/SPAuthViewController.swift (outdated, resolved)
  • Simplenote/Data+Simplenote.swift (resolved)
  • Simplenote/PasskeyAuthenticator.swift (outdated, resolved)
  • Simplenote/PasskeyAuthenticator.swift (outdated, resolved)
  • Simplenote/PasskeyRegistrationResponse.swift (outdated, resolved)

@charliescheer force-pushed the charlie/passkey-implementation branch from 7e524e0 to 23ed723 July 1, 2024 17:56
@charliescheer charliescheer changed the base branch from trunk to feature/passkeys July 1, 2024 17:57

@jleandroperez (Contributor) left a comment

@charliescheer We'd need to polish all of the flows:

  • Entering the wrong password during the Passkey Registration results in no feedback
  • I was unable to associate the 1P entry I had, with the new Passkey
  • The Onboarding flow also results in no feedback, if you previously didn't have a Passkey

That being said, since we're targeting a feature branch, no blockers to merge this one!

Nice work!!

:shipit:

Review threads on this comment:

  • Simplenote/AccountRemote.swift (outdated, resolved)
  • Simplenote/AccountRemote.swift (outdated, resolved)
  • Simplenote/AccountRemote.swift (outdated, resolved)
  • Simplenote/Classes/SPAuthViewController.swift (resolved)
  • Simplenote/PasskeyAuthenticator.swift (resolved)
  • Simplenote/Remote.swift (resolved)

static let alertTitle = NSLocalizedString("Passkey Setup", comment: "Alert title for setting up passkeys")
static let message = NSLocalizedString("To add passkeys you must enter your password", comment: "Message prompting user for password to create passkey")
static let submit = NSLocalizedString("Submit", comment: "Submit button title")
static let cancel = NSLocalizedString("cancel", comment: "Cancel button title")

Contributor commented:
Nitpicky: We should prob. capitalize this one

@charliescheer (Contributor, Author) commented:

> Entering the wrong password during the Passkey Registration results in no feedback
> I was unable to associate the 1P entry I had, with the new Passkey
> The Onboarding flow also results in no feedback, if you previously didn't have a Passkey

Yes! All of that stuff is coming in a future PR

@charliescheer charliescheer merged commit 39fe14c into feature/passkeys Jul 2, 2024
10 checks passed
@charliescheer charliescheer deleted the charlie/passkey-implementation branch July 2, 2024 20:40