Lucia vs Hanko for Solo Developers

Quick Comparison

Lucia Overview

Lucia is an open-source auth library that provides session management and token handling as building blocks. You install the npm package, configure a database adapter, and build your auth flows using Lucia's functions. Registration, login, OAuth, password hashing, and middleware are your responsibility. Lucia handles the cryptographic layer and stays out of everything else.

The philosophy is ownership. Every line of auth code is in your codebase, using your database schema, following your rules. No external service calls during authentication, no monthly bills, no vendor dependency.

I built a side project with Lucia where I needed custom session attributes that no managed service supported. The library let me define exactly what sessions contained and how they expired. It took longer to set up than a managed service, but the end result was mine.

Hanko Overview

Hanko is an open-source authentication platform designed around passkeys and WebAuthn. Instead of passwords, users authenticate with biometrics: Face ID, Touch ID, or Windows Hello. Hanko provides web components (<hanko-auth>, <hanko-profile>) that render complete auth flows you drop into your frontend.

The backend is a Go server you can self-host or use via Hanko Cloud. It handles passkey registration, WebAuthn challenges, email passcode fallback, and user management. The web components are framework-agnostic and work with React, Vue, Svelte, or vanilla HTML.

I tried Hanko in a prototype and the user experience was impressive. Users register with a passkey, then future logins are a single biometric tap. No passwords to remember or type, no MFA codes. The convenience is genuine.

Key Differences

Auth approach. Lucia gives you building blocks for traditional auth: passwords, sessions, cookies. You can implement any auth pattern, but you build it yourself. Hanko gives you a complete passkey-first auth flow as a pre-built component. The approaches are fundamentally different. Lucia is a toolkit. Hanko is a solution.

Setup time. Hanko's web components can be added to a page in under an hour. Drop in <hanko-auth>, point it at your Hanko backend, and you have a working passkey login. Lucia takes several hours because you're building forms, handlers, middleware, and password logic from scratch. Hanko gets you to working auth much faster.

User experience. Hanko's passkey flow is genuinely better for end users. One biometric tap to log in. No password to remember, no reset emails, no 2FA codes. Lucia-based auth typically means traditional email/password forms, which users are familiar with but which aren't as smooth.

Flexibility. Lucia wins on flexibility. You can build any auth pattern: custom session schemas, unusual token logic, multi-step auth flows, or hybrid approaches that no opinionated platform supports. Hanko is opinionated about passkeys being the primary method. If you need traditional password auth or custom flows, Hanko isn't the right tool.

Self-hosting. Both are self-hostable and open source. Lucia runs as part of your Node.js app. Hanko runs as a separate Go server. Lucia adds zero infrastructure. Hanko adds one service (though it's lightweight compared to something like Keycloak).

Browser compatibility. Passkeys require WebAuthn support. Modern browsers handle it, but older browsers and some devices don't. Hanko provides email passcode fallback. Lucia-based password auth works everywhere. If your audience includes users on older browsers, traditional auth has wider compatibility.

Social login. Lucia requires you to implement OAuth flows using additional libraries. Hanko supports social providers through its backend configuration. Neither makes social login trivially easy, but Hanko handles the OAuth server-side so you don't write the flow code.

When to Choose Lucia

• You need traditional password-based authentication
• Custom session logic or non-standard auth flows are required
• You want zero additional infrastructure (just a library in your app)
• Full control over every aspect of the auth implementation matters
• Your audience includes users on older browsers or devices

When to Choose Hanko

• You want the best possible login experience for users (passkeys)
• Passwordless authentication aligns with your product vision
• A pre-built auth component that you drop into your frontend is appealing
• You're building a new product and can go passwordless from day one
• Eliminating password-related support tickets and security risks matters

The Verdict

Lucia and Hanko solve authentication differently. Lucia gives you a toolkit for building traditional auth exactly how you want it. Hanko gives you a modern passkey-first flow in a pre-built component. The right choice depends on what kind of auth experience you want to deliver.

For solo developers building a product where user experience is a differentiator, Hanko is worth the bet on passkeys. The login flow is noticeably better, and passwordless eliminates an entire category of security problems. The technology is production-ready in modern browsers.

For solo developers who need traditional auth, custom flows, or the widest possible device compatibility, Lucia provides the flexibility to build exactly what you need. It's more work, but the result is entirely under your control.

My recommendation: if you're starting a new consumer product today and your users have modern devices, try Hanko. The UX improvement from passkeys is real and measurable. If you need traditional auth or have complex requirements, Lucia gives you the building blocks without vendor lock-in.