Firebase Auth vs Hanko for Solo Developers

Quick Comparison

Firebase Auth Overview

Firebase Auth is Google's authentication service supporting email/password, phone verification, anonymous auth, and social providers. The SDKs handle token management, session persistence, and refresh automatically. Mobile SDKs for iOS, Android, and Flutter are first-class, handling platform-specific OAuth flows natively.

The free tier covers 50,000 MAU. Integration with Firestore security rules means request.auth.uid controls data access at the database level. Cloud Functions can trigger on auth events. The Firebase console provides user management and basic analytics.

I use Firebase Auth across multiple projects. For mobile apps especially, the native SDK experience is hard to beat. Google Sign-In on Flutter took about 15 minutes to implement.

Hanko Overview

Hanko is an open-source auth platform built around passkeys and WebAuthn. Users authenticate with biometrics (Face ID, Touch ID, Windows Hello) instead of passwords. The <hanko-auth> web component renders a complete login flow with passkey registration and email passcode fallback.

The backend is a Go server that handles WebAuthn challenges, passkey storage, and user management. You can self-host it or use Hanko Cloud. Web components work with React, Vue, Svelte, or plain HTML, making integration framework-agnostic.

I prototyped with Hanko to test the passkey experience. Users register a passkey once, then future logins are a single biometric tap. The convenience compared to traditional password + MFA flows is dramatic.

Key Differences

Authentication model. Firebase Auth uses traditional authentication: passwords, OAuth tokens, phone codes. It's proven and universal. Hanko uses passkeys as the primary method with email passcodes as fallback. Passkeys are newer technology that offers better security and UX, but not every device and context supports them yet.

User experience. Hanko's passkey flow is genuinely superior for end users. One tap to log in. No password to type, no MFA code to enter, no password manager needed. Firebase Auth's login is functional but conventional. The UX difference matters for consumer products where login friction affects retention.

Mobile support. Firebase Auth has native SDKs for iOS, Android, Flutter, and Unity. These handle platform-specific auth flows (Apple Sign-In requirements, Google Play Services) seamlessly. Hanko is web-first. Passkeys work in mobile browsers and can be integrated into native apps via WebAuthn APIs, but Firebase has a smoother mobile integration story.

Free tier. Firebase Auth gives you 50,000 MAU free. Hanko's self-hosted version has no MAU limits (it's open source). Hanko Cloud has its own pricing tiers. If you're self-hosting, Hanko costs nothing per user. If you're using the cloud version, compare specific plans.

Ecosystem integration. Firebase Auth plugs into Firestore, Cloud Functions, Cloud Storage, Analytics, and Crashlytics. Choosing Firebase Auth often means choosing the Firebase ecosystem. Hanko is standalone. It handles auth and nothing else. You pair it with whatever backend and database you want.

Security model. Passkeys (Hanko) are phishing-resistant by design. The private key never leaves the device, so there's nothing to steal or phish. Firebase Auth's password-based flows are vulnerable to credential stuffing, phishing, and password reuse. From a pure security perspective, passkeys are the stronger approach.

Maturity. Firebase Auth has been around for years, handles billions of logins, and is backed by Google. Hanko is younger with a smaller community. Firebase has more battle-tested production deployments. If you prioritize proven stability, Firebase has the track record.

When to Choose Firebase Auth

• You're building a mobile app with native SDKs
• You're using Firebase for your backend (Firestore, Cloud Functions)
• Anonymous auth for progressive onboarding matters
• You want the widest device compatibility without fallback concerns
• Battle-tested stability backed by Google is important

When to Choose Hanko

• You're building a web app where login UX is a priority
• Phishing-resistant, passwordless security matters for your product
• You want open-source, self-hosted auth with no MAU limits
• Eliminating password-related support issues (resets, breaches) is valuable
• You're comfortable betting on passkeys as the future of auth

The Verdict

Firebase Auth is the safer, more established choice. It works everywhere, has native mobile SDKs, and integrates with a full backend ecosystem. For solo developers building mobile apps or using Firebase, it's the obvious pick. The 50,000 MAU free tier and zero-config setup make it practical.

Hanko is the more innovative choice. Passkeys deliver a better user experience and stronger security than traditional auth. For web-first consumer products where login friction matters, Hanko gives your users a noticeably better experience. The technology is real and production-ready in modern browsers.

My recommendation: if you're building a mobile app, use Firebase Auth. The native SDK advantage is decisive. If you're building a web app and want the best possible login experience, give Hanko a serious try. The passkey flow is genuinely impressive, and being early to passwordless auth could be a product differentiator. For web apps where you just need auth to work and move on, Firebase Auth is the reliable default.