Robert Kingett1d ago
For a while I thought #PassKeys were like a tech hype thing so big tech could lock us into their ecosystems even more, and then I started looking into them and their advantage became far clearer to me. They still have a bunch of problems for people like me that change their devices frequently, at least in internet time.
I dislike the idea of being locked out of my stuff because my device is bricked, so I started looking for ways to use PassKeys with something like #KeePass databases. The bad news for us blind folk, the more accessible Keepass app doesn't have PassKey support. The far less screen reader friendly #KeePassXC has far better PassKey support, but, as I said before, not half as screen reader friendly as the OG KeePass is, unless I am missing something.
#StrongBox, which is accessible on iOS can work with PassKeys though. This way, you can't be tied to one device.
Show threadNick1d ago

@WeirdWriter I'm personally a bit bearish on passkeys. I'm totally in favor of replacing password auth with key-based auth. My two beefs with passkeys are that I would like to be able to tie them to a hardware auth device if I choose*, and I dislike how in most contexts they seem to assume you're locked into someone's walled garden (be that Apple, MS, or Google).

That being said, if one is going to use them and not bind them to a hardware key, this seems like a good approach. And I think it's especially important that anything as foundational as authentication be accessible. I'm curious what people think is the better path to remedying this situation, adding passkey support to KeePass or improving accessibility of KeePassXC? And I wonder if throwing some money toward one or the other might help fix this (for those of us who would be so inclined).

* If anyone reading is interested in the particular issues using hardware keys with passkeys, I talk about it a bit in this thread (though I'm no expert):
https://mathstodon.xyz/@internic/115469013411719424

Show threadNate Allen
@internic @WeirdWriter I've found #1Password to have an excellent passkey experience on both PC and Android and they're big proponents - they manage a directory of web sites and apps that have implemented them. I think their Apple equivalents are also well regarded.
Apr 3 at 8:27pmWeb
Show threadRobert Kingett1d ago
@mossyfoot @internic I’d rather not be locked into one password manager. With My keepass database, I’m not locked into a single app
Show threadNate Allen1d ago
@WeirdWriter @internic I get it. It's valid. I've only had a little experience myself with FIDO-based hardware keys and they're fiddly enough in the Windows Hello world that only like two people in IT even have them. But that's more about how Hello is terrible I think.
Show threadNick1d ago
@mossyfoot Interesting. I've actually had pretty good luck with my Yubikey under Linux, with the exception of a bug in Firefox (regarding wanting a PIN even when you don't have one set) that I had to work around with an about:config change. Honestly my biggest problem is that first very few people supported FIDO/WebAuthn and now they're all focused on passkey (which has the aforementioned issues). @WeirdWriter
Show threadNate Allen1d ago
@internic @WeirdWriter oh yes they do work fine in Linux. How I dream we used Linux at work :)
Show threadNick1d ago
@mossyfoot You and me both! (I was only talking about my experience on my personal devices.) @WeirdWriter
Show threadNick1d ago

@mossyfoot I use and am generally a fan of 1Password, and I agree they have an implementation that seems to work well enough (for the little I've used it). I can't speak at all to its accessibility (which is why I hadn't mentioned it).

When I tried to mix storing less important passkeys in 1Password and more important ones using my Yubikey, it didn't really seem to support that use case, though I guess that's not shocking. It also seems to me that the optimal passkey storage would require a second factor like a PIN or biometrics each time you use one of the passkeys (or at least the option to enable this for the most important ones).
@WeirdWriter

Show threadJeffrey D. Stark1d ago
@internic @WeirdWriter @mossyfoot been super happy with it for years too