So in this example we change

PLG_SYSTEM_WEBAUTHN="System - WebAuthn Passwordless Login"
PLG_SYSTEM_WEBAUTHN_DESCRIPTION="Enables passwordless authentication using the W3C Web Authentication (WebAuthn) API. Please note that the WebAuthn tab in the user profile editor and the WebAuthn login buttons will only be displayed if the user is accessing the site over HTTPS. Furthermore, registering WebAuthn authenticators and using them to log into your site will only work when your site is using a valid certificate, signed by a Certificate Authority the user's browser trusts."

to

PLG_SYSTEM_WEBAUTHN="System - Passkeys Passwordless Login"
PLG_SYSTEM_WEBAUTHN_DESCRIPTION="Enables passwordless authentication using the Passkeys API. Please note that the Passkeys tab in the user profile editor and the Passkeys login buttons will only be displayed if the user is accessing the site over HTTPS. Furthermore, registering Passkeys authenticators and using them to log into your site will only work when your site is using a valid certificate, signed by a Certificate Authority the user's browser trusts."

or is that going too far
???

@brianteeman Yes, that's exactly what I mean. It's not too far, it's exactly what we need to align Joomla's terminology with that adopted by the FIDO Alliance.

it was this part I was concerned about
W3C Web Authentication (WebAuthn) API. ==> Passkeys API

We could simplify it further by rewording

"Enables passwordless authentication using the W3C Web Authentication (WebAuthn) API. Please note that the WebAuthn tab in the user profile editor and the WebAuthn login buttons will only be displayed if the user is accessing the site over HTTPS. Furthermore, registering WebAuthn authenticators and using them to log into your site will only work when your site is using a valid certificate, signed by a Certificate Authority the user's browser trusts."

to

"Enables passwordless authentication using browser Passkeys. Please note that the Passkeys tab in the user profile editor and the Passkey login buttons will only be displayed if the user is accessing the site over HTTPS. Furthermore, registering Passkeys and using them to log into your site will only work when your site is using a valid certificate, signed by a Certificate Authority the user's browser trusts."

and what about these?

PLG_SYSTEM_WEBAUTHN_FIELD_N_AUTHENTICATORS_REGISTERED="%d WebAuthn authenticators already set up: %s"
PLG_SYSTEM_WEBAUTHN_MANAGE_FIELD_KEYLABEL_LABEL="Authenticator Name"

Tricky with plurals when you replace WebAuthn with PassKeys

Perhaps
PLG_SYSTEM_WEBAUTHN_FIELD_N_AUTHENTICATORS_REGISTERED="%d PassKeys already set up: %s"
PLG_SYSTEM_WEBAUTHN_MANAGE_FIELD_KEYLABEL_LABEL="PassKey Name"

Correct.

Just note that it's “Passkey”, not “PassKey” (it has a lowercase K). I keep making the same typo myself, don't worry ?

I copied you with the caps

Please check #41085

closing for #41085

Hi @nikosdion I want to share information with you, you are not aware of. Some people feel insulted by your wording ("The Joomla project has done such a horrible job at promoting ..."). I don't think that this was your intention and you are able to make your point in a more friedly way. Please think more about your wording the next time, thank you.

This is the main article that "Joomla" used to promote the feature when it came out.
https://magazine.joomla.org/all-issues/december/passwordless-authentication-for-secure-fast-easy-logins-in-joomla-4
It uses
Passkeys 0
WebAuthn 43
times.
I'm sure the author had the best intentions at the time and indeed coordinated with others in marketing to get the message out; I know as I was one of them.

I am sure it was done with the best intentions by the author, and so if we could simply ask for a language change rather than any negative comments about the project, it would really help make things happen, and people feel more motivated and valued, and I am sure the author of the article has heard your comments and will in future use Passkeys if that's the language that has evolved.

@rdeutz This is the feedback I am getting from users, site integrators, and developers about the WebAuthn feature. The assessment that the project did a bad job of promoting and explaining this feature comes directly from the community.

Instead of being a feature they use by default to secure their sites —in a way no other CMS currently offers out of the box— they are disabling it by default because they believe it requires a third party service. When I explain this is not the case and how it works they have all told me that the project did a really bad job of communicating any of that.

I didn’t say that anyone involved with this feature and its presentation is stupid or incompetent or anything like that — nor do I believe it. As you know, I wrote this feature and Phil Walton ran the JCM piece about it with me before publishing. To the contrary of what you say, I am saying that all of us involved with this feature cocked it up. I am trying to find a way to fix that.

On a side note, I understand what Crystal’s article was about. It’s not about reverting to our past of toxic positivity with the #jpositiv police dissuading people from filing issues. We have been there, done that, and see where we are now :( The entire point was to be the change you want to see in the project. I have been part of something which was miscommunicated. Instead of lamenting the fact and feeling salty about past behaviors I am here trying to fix the shit I and other people broke. ☮️

So why not just say... Webauthn was the term it started out with, but I've noticed a more popular term is Passkeys; how does everyone feel if we change our references to Webauthn from that to Passkeys...
As my nan would say, "more light less heat"

@softforge If anyone says "let's change X to Y" the immediate question is "why?". If the only answer is "because the Y term was introduced about 15 months ago" the counter-answer is "it's equivalent terminology, we call it X, no reason to put this effort on the translation teams".

This would be right EXCEPT for the fact that it's not just the wording that is lacking. Joomla has "burned" the WebAuthn term within its community. People see it and run away.

The problem, Phil, is that both of us failed to address that the article was too technical for the average user. We didn't sell them on the ease of use, not to mention the term "W3C Web Authentication" is a mouthful and a half. Not to put too fine a point, we made it sound more like a communique from the communist party than a marketing piece for a feature which helps users.

The other failure is that beyond this article there was no other marketing push. We could have tried, for example, to do some videos showing how fast it is, maybe have a marketing push for users to show us how they use it for their use case etc. Well, yeah, it's easy to say after the fact. Everyone is an after-Christ prophet, as we say in Greece.

Seeing that we did drop the ball there —and I include myself, I was part of it— and seeing that now FIDO is pushing for passkeys (which, incidentally, do everything we wanted this feature to do in the first place!) it's a great opportunity to change the wording — and, why not, do a marketing push.

As to why I didn't say "hey, y'all, let's change the wording" it should be pretty obvious by now. The problem is not the wording, the problem is the messaging attached to the wording. It would be dishonest on my part NOT saying the ACTUAL reason I want the wording changed. It would be dishonest NOT sharing the community feedback, since you are not receiving it directly (exactly because other community members are AFRAID that they will be piled on, like you do to me, for saying something that's not toxically positive about Joomla).

Anyway. Seeing that the leadership is not ready to accept its portion of blame for past mistakes I will stop submitting issues and contributing to Joomla. There are many other things I have bumped on which need fixing but if I am going to be attacked for reporting it, screw that!!! I have MUCH better things to do with my time.

The term passkey did not exist at launch. Remember we were ahead of the curve. Now, as others implement it, they realise webauthn is not meaningful to the target user. So they came up with the more meaningful, hopefully, term.

Let's relaunch and re-explain in a positive way and do a few videos to accompany the new Passkey article with novices demonstrating so we can be sure all will get it. I use it a lot with my Yubi Key.
It also needs to be a short article so people read it, get just selling points and don't have any technical stuff to worry about.

Are we all good with changing webauthn to Passkey in the language files? Anyone against?

@softforge Yes, thank you, that's the whole point! Amen!

https://docs.google.com/document/d/1Bc6lsuMjU7S7pmp4usRremDDJYzPlhpf3dGVUdX2noo/edit?usp=sharing
Working title @nikosdion
Forget passwords? Then forget about passwords with Passkey, a hidden gem in Joomla 4!
I'm happy to draft a copy and once the language changes are done we can schedule it for the magazine.

I already did the Pull Request for J5. Our b/c rules won't let it happen before then

That's ok; we want to be pointing to features before J5 so we can reference them.
This works well if we get it into the magazine now as it gets more using passkey even if in J4 its webauthn. J5 screenshots show that its a reality and the history bit we can add after the howto in case people don't get that far, so they will see they can use it already in J4.
We are targeting those that didn't go through the whole setup process and realise its usefulness.
We can then shout again on the 17th of October.

@softforge I asked for permission to see the file (the email you used to invite me is no longer a G Suite account).

As for the title I think I'd go with something like "No password, no cry", "Passkeys: or how I learned to stop worrying and love WebAuthn", "Anybody seen my password?", "Hack me, if you can", or "Passwords are so 1980s I can't even". Make it fun and provocative. Even if it's a teensy tiny bit click-baity.

BTW, I can also do small videos showing Passkeys in action, and how they will work in the future implementation (without a username). Something to provoke people and get them thinking.

(BTW, the implementation without a username? I had it working back in August 2019. I figured it was way ahead of its time, so I didn't bother implementing it for my contribution to Joomla!.)

And last thing, I don't want to spam you, we could totally tie in the article intro to the new hot game in the 'hood: The Password Game.

https://css-tricks.com/passkeys-what-the-heck-and-why/