Mike Jones: self-issued

Musings on Digital Identity

Category: Consulting

Why I Joined Hawcx

By

On August 27, 2025

In Consulting, Phishing Resistance

Hawcx logo(This is a repost of the original post Why I Joined Hawcx – Dr. Michael B. Jones.)

Hawcx and I share a vision for secure, seamless, passwordless authentication. We are working to see it widely deployed to make life better for people worldwide.

I have put years of my life into the WebAuthn and FIDO2 standards efforts trying to make this happen. It’s a partial success but still very much a work in progress in terms of adoption and security guarantees. Hawcx is fully aware of both the achievements of the FIDO approach and the impediments to its adoption.

It’s attractive to me that Hawcx is innovating in the passwordless arena, incorporating learnings from FIDO, but also employing innovative approaches where they add value. Hawcx wants to create both a great user experience and a highly secure infrastructure. There’s a freshness to this approach that I admire.

Hawcx has created a passwordless login solution that doesn’t have many of the downsides that we’ve been struggling with in FIDO for years. No synced passkeys. No AirDropping them – including no AirDropping them to phishers. Deployments are not dependent on the security of the “sync fabrics” operated by the platforms and password managers. Instead, each device has its own secured private key used at the RP that is never exported or shared.

While it’s not often said this directly, one factor limiting FIDO and WebAuthn is that the browser vendors are gatekeepers to innovation in the Web platform. Unless two and ideally all of them decide to build something, the initiative is dead in the water. Follow the journey of the Device-Bound Public Keys (a.k.a. Supplemental Public Keys) extension, which would have let RPs know if a new device was being used. It was in the spec, not built by the browser vendors, and then out of the spec as a result. In a world of synced passkeys, this was critical for higher-value sites to be able to meet their compliance and security requirements. But we’ve been stuck for years. In comparison, the Hawcx approach is browser and platform agnostic and not gated on choices made by Apple, Google, Microsoft, and Mozilla.

No, I’m not giving up on standards. I’ve poured my professional life into them, and Hawcx fully supports me in this. I have a track record of credibility from consistently speaking the truth and achieving outcomes that benefit the entire industry. I will bring that same credibility and ethos to my standards engagements on behalf of Hawcx. Hawcx plans to positively influence the Web platform based on their experience for the betterment of all, through WebAuthn and FIDO.

I’m excited about this new journey!

Yes, I’m an independent consultant now

By

On July 11, 2023

In Consulting, People

Michael B. JonesAs many of you know, three months ago I decided to hang out my own shingle and become an independent consultant. I couldn’t be happier! I have a great initial set of clients I’m working with to create things they and I believe in and I have room for a few more.

For all the changes in my life, some things have remained constant: I’m still motivated by Kim Cameron‘s quest to build the Internet’s missing identity layer. I’m still mentoring smart new contributors to the identity space. I’m still contributing to specifications that will get used and make a difference. I’m still thinking about the big picture – especially everything it will take to grow interoperable ecosystems that enable everyday people to get useful things done. I’m still collaborating with fantastic people!

I named my business Self-Issued Consulting. Special thanks to Heather Flanagan, who clearly explained to me why I want to be a consultant at this juncture in my career, and who told me to write a Standards CV before I launched my professional Web site.

Yes, I’m grateful for the 30½ years I had at Microsoft. My career wouldn’t be remotely the same without them. But at the same time, soon after 30 years, I realized that it was time for a change. I’m grateful for all my friends who have helped me chart this next course on my identity journey. You know who you are!

I can’t resist but end with a few musical phrases that have been running through my head during this transition:

  • All things must pass – George Harrison
  • After changes upon changes / We are more or less the same – Simon and Garfunkel
  • Getting so much better all the time – The Beatles

Powered by WordPress & Theme by Anders Norén