Posts by nsa@hachyderm.io
(DIR) Post #AQXpVBLevvFahTrOca by nsa@hachyderm.io
2022-12-09T20:33:52Z
0 likes, 0 repeats
@gaycodegal @rmondello you can sync your passkey across devices of the same sync provider. And you can register as many devices of different providers as you want with each website. Using a passkey requires passing a phone unlock. If confiscation is in your threat model you can set a strong factor like a PIN or password as your lockscreen. Third-party provider support is in the roadmap for Google -- 1Password & Dashlane are already experimenting with implementations.
(DIR) Post #AVYP5z01fDWWHiuXyK by nsa@hachyderm.io
2023-05-11T18:24:13Z
0 likes, 0 repeats
How do people avoid wasting their time reading dozens of articles with thousands of comments on the technology you & your team are developing 😬
(DIR) Post #AWMwNRMzqsVoitwMIi by nsa@hachyderm.io
2023-06-04T15:00:14Z
0 likes, 1 repeats
Implementing #passkeys? A few pitfalls I've seen recently: * Not setting `residentKey` to `required`. This tells the authenticator credentials must be discoverable with empty allow lists on assertions. The default is `discouraged` which is not what you want for passkeys. iPhones don't support non-rk credentials so it makes no difference for them, but Android phones will create a non-rk credential which will be created but won't show up on a passkey authentication (!!!).
(DIR) Post #AWMwNUchkvrMoUJRhY by nsa@hachyderm.io
2023-06-04T15:04:18Z
0 likes, 0 repeats
* Attempting to make a platform credential without checking `PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()` first. Please, call this method before showing the user any hero dialog telling them to upgrade to a local passkey. Otherwise the user will see a modal dialog error saying that their device doesn't support the required authenticator. Most devices have one such authenticator but a lot don't: Windows without Hello set up and Linux boxes are examples.
(DIR) Post #AWMwNXYCs72ntPEObg by nsa@hachyderm.io
2023-06-04T15:06:22Z
0 likes, 0 repeats
Did you know you can simulate all these conditions with the chrome #devtools webauthn panel? It's pretty nifty to debug webauthn on chrome desktop. https://developer.chrome.com/docs/devtools/webauthn/
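
Added example, not part of the original posts: JavaScript covering the two checks from the thread above, requesting a discoverable credential with `residentKey: "required"` and gating the upgrade prompt on `PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()`. The function names, the algorithm list and the `env` parameter (a stand-in for the browser global so the logic can be exercised with a stub) are assumptions.

```javascript
// Added example; function names and the `env` stub parameter are hypothetical.

// Build registration options for a discoverable platform credential (a passkey).
function buildPasskeyCreationOptions({ challenge, rp, user }) {
  return {
    challenge,
    rp,
    user,
    pubKeyCredParams: [
      { type: "public-key", alg: -7 },   // ES256
      { type: "public-key", alg: -257 }, // RS256
    ],
    authenticatorSelection: {
      authenticatorAttachment: "platform",
      residentKey: "required",  // the default is "discouraged"
      requireResidentKey: true, // WebAuthn Level 1 equivalent, for older clients
    },
  };
}

// List the problems that would stop the credential from working as a passkey.
function auditCreationOptions(options) {
  const sel = (options && options.authenticatorSelection) || {};
  const problems = [];
  if (sel.residentKey !== "required") {
    const seen = sel.residentKey ?? "unset (defaults to discouraged)";
    problems.push(`residentKey is ${seen}; passkeys need "required"`);
  }
  return problems;
}

// True only when a user-verifying platform authenticator is present.
async function canOfferPlatformPasskey(env = globalThis) {
  const pkc = env.PublicKeyCredential;
  if (!pkc || typeof pkc.isUserVerifyingPlatformAuthenticatorAvailable !== "function") {
    return false; // WebAuthn is not available in this environment
  }
  try {
    return (await pkc.isUserVerifyingPlatformAuthenticatorAvailable()) === true;
  } catch {
    return false; // on error, do not show the upgrade prompt
  }
}

// Only show the prompt and call create() when the availability check passes.
async function maybeCreatePasskey(params, env = globalThis) {
  if (!(await canOfferPlatformPasskey(env))) return null;
  const publicKey = buildPasskeyCreationOptions(params);
  return env.navigator.credentials.create({ publicKey });
}
```
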
(DIR) Post #AYoSmo3hQ6gZU9hLxg by nsa@hachyderm.io
2023-08-17T02:42:44Z
0 likes, 1 repeats
My last half decade of work was validated when a random uncle of my bf who *doesn't work in tech* said he "really liked this new #passkey thing they were using at work" because "normal 2fa sucks". He is *into* tech, but still. Woah. We goin' mainstream.
(DIR) Post #Ad3vGr034Hp8gIU5hI by nsa@hachyderm.io
2023-12-22T02:56:20Z
1 likes, 0 repeats
Kinda wanna put this up in my office
(DIR) Post #Ak6NQswcoAWqa6riTI by nsa@hachyderm.io
2024-07-19T22:01:17Z
0 likes, 0 repeats
@foone ahhh so eugenics!
(DIR) Post #Ali4KG7Vm61H6u4pv6 by nsa@hachyderm.io
2024-09-06T00:25:57Z
0 likes, 0 repeats
@foone I don't like the implication this has for passkeys doing away with 2fa/mfa...