Post AQXpVBLevvFahTrOca by nsa@hachyderm.io
(DIR) More posts by nsa@hachyderm.io
(DIR) Post #AQRAPbogLnNTz0tqaG by rmondello@hachyderm.io
2022-12-09T16:53:49Z
2 likes, 1 repeats
🔑 Huge news! Google’s announced that passkeys are available in Google Chrome 108. So we have iOS, iPadOS, macOS, Safari, and Chrome with support.If you’re responsible for a website or app, or its authentication story, it’s time to look at passkeys. https://blog.chromium.org/2022/12/introducing-passkeys-in-chrome.html
(DIR) Post #AQXpVAhFMAvMg8x7dA by gaycodegal@mastodon.social
2022-12-09T20:21:52Z
0 likes, 0 repeats
@rmondello @nsa why would I implement something that relies on a user owning a specific device constantly? Not only can a phone be confiscated but some people don't have consistent computer access. Can the keys even be transferred to another device or duplicated?
(DIR) Post #AQXpVBLevvFahTrOca by nsa@hachyderm.io
2022-12-09T20:33:52Z
0 likes, 0 repeats
@gaycodegal @rmondello you can sync your passkey across devices of the same sync provider. And you can register as many devices of different providers as you want with each website.Using a passkey requires passing a phone unlock. If confiscation is in your threat model you can set a strong factor like a PIN or password as your lockscreen.Third party provider support in the roadmap for Google -- 1password & dashlane are already experimenting with implementations.
(DIR) Post #AQXpVBmbJknk32SucC by ondra@social.unextro.net
2022-12-12T22:39:47Z
0 likes, 0 repeats
@nsa Do I understand correctly that I am forced to use the phone, at least for the first login? Any plans to support for example fingerprint scanner for first login on a Chromebook?I don't like having to carry a phone everywhere with me, especially around the house when I'm already working on a Chromebook that has everything the phone has, but better and more secure.@gaycodegal @rmondello