Mastodawn

The Web Authentication Working Group invites implementations of an updated Candidate Recommendation Snapshot of Web Authentication: An API for accessing Public Key Credentials Level 3. This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.
https://www.w3.org/news/2026/updated-candidate-recommendation-web-authentication-an-api-for-accessing-public-key-credentials-level-3/
#WebAuth #WebStandards

Ortwin Pinke 2d ago

da hat doch #selfhtml mal wieder geholfen 😔 😏
Wenn es mal wieder etwas schneller gehen soll mit dem #WebAuth 😁

@selfhtml
https://wiki.selfhtml.org/wiki/Webserver/htaccess/Zugriffskontrolle

Webserver/htaccess/Zugriffskontrolle – SELFHTML-Wiki

Fell

Feb 14, 2025

I wish authentication on the web worked like this:

- Every browser has one (or more) public key(s).
- The browser presents the public key to the server on request.
- A public key can be shared between browsers of the same user.
- To give your friend access to a web site, you simply ask for their public key.

I know there are passkeys and TLS client certificates, but all implementations are majorly flawed and half-assed in my opinion.

#Web #Browser #WebAuth #Passkeys #Security #InfoSec #TLS

lil5

🚲 🇳🇱Sep 23, 2024

https://github.com/stupidwebauthn/server#flows

Building an authentication server for passwordless authentication NO PASSWORDS INCLUDED!!!

Registration: Sends email for account creation, then requests a passkey

Work in progress... please let me know what you think

#passkey #webauth #passwordless

GitHub - stupidwebauthn/server

Contribute to stupidwebauthn/server development by creating an account on GitHub.

GitHub

Show thread

Açık Sistem Sep 13, 2024

Ayrıca #SAML tabanlı ağ kimlik doğrulaması için #WebAuth desteği, Geliştirilmiş Açık (OWE) Wi-Fi güvenlik desteği, KDE uygulamalarında sorunsuz kaydırmayı devre dışı bırakmak için yeni bir seçenek, Pil widget'ının simgesi için bir güç profili rozeti ve monitörünüze yerleşik renk profili verilerini kullanmak için yeni bir seçenek vaat ediyor.

Gonçalo Valério Aug 1, 2024

"django-allauth 64.0.0 released"

https://allauth.org/news/2024/07/django-allauth-64.0.0-released/

* Added support for WebAuthn based security keys and passkey login.

#python #django #webauth #passkeys

django-allauth 64.0.0 released | allauth

Gonçalo Valério Apr 26, 2024

"So do yourself a favour. Get something like bitwarden or if you like self hosting get vaultwarden. Let it generate your passwords and manage them. If you really want passkeys, put them in a password manager you control. But don't use a platform controlled passkey store, and be very careful with security keys."

https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/

Sad to read this.

#passkeys #webauth #authentication #passwordmanagers

Passkeys: A Shattered Dream

Firstyear's blog

Gonçalo Valério Mar 3, 2024

"Passkeys - Threat modeling and implementation considerations"

https://slashid.com/blog/passkeys-security-implementation/

#authentication #security #webauth #passkeys

Passkeys - Threat modeling and implementation considerations | SlashID Blog

In this blog post, we review the current state of the technology from a security standpoint and we’ll discuss some critical aspects of passkey implementation.

Show thread

Dimitri Bouniol Feb 19, 2024

I'm making a TV-guide app for anime, in the open for all to experience and learn from!

Back to square one with #WebAuth, this time with client authentication! Time to dive into the spec, get confused, try something out, read the spec again, tear it all down… a virtuous cycle of understanding 😅

#Jiiiii #DevStream #tvOS #visionOS #macOS #Anime #Swift #SwiftUI #Vapor #BuildInPublic

Come chill with me: https://youtube.com/live/4r_8YXxI4rw