I wish authentication on the web worked like this:

- Every browser has one (or more) public key(s).
- The browser presents the public key to the server on request.
- A public key can be shared between browsers of the same user.
- To give your friend access to a web site, you simply ask for their public key.

I know there are passkeys and TLS client certificates, but all implementations are majorly flawed and half-assed in my opinion.

#Web #Browser #WebAuth #Passkeys #Security #InfoSec #TLS

https://github.com/stupidwebauthn/server#flows

Building an authentication server for passwordless authentication NO PASSWORDS INCLUDED!!!

Registration: Sends email for account creation, then requests a passkey

Login: Client asks first for an email, then lists connected passkeys to login with

Work in progress... please let me know what you think

#passkey #webauth #passwordless

"django-allauth 64.0.0 released"

https://allauth.org/news/2024/07/django-allauth-64.0.0-released/

* Added support for WebAuthn based security keys and passkey login.

#python #django #webauth #passkeys

"So do yourself a favour. Get something like bitwarden or if you like self hosting get vaultwarden. Let it generate your passwords and manage them. If you really want passkeys, put them in a password manager you control. But don't use a platform controlled passkey store, and be very careful with security keys."

https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/

Sad to read this.

#passkeys #webauth #authentication #passwordmanagers

"Passkeys - Threat modeling and implementation considerations"

https://slashid.com/blog/passkeys-security-implementation/

#authentication #security #webauth #passkeys

@bitwarden has finally started to push out #passkey support.
I have waited so long for this and I am really happy to see it!
https://www.theverge.com/2023/11/2/23943173/bitwarden-passkey-support-released-browser-extension

#fido2 #webauth #infosec #cybersecurity #mfaboston