#webauth — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #webauth, aggregated by home.social.

  1. I wish authentication on the web worked like this:

    - Every browser has one (or more) public key(s).
    - The browser presents the public key to the server on request.
    - A public key can be shared between browsers of the same user.
    - To give your friend access to a web site, you simply ask for their public key.

    I know there are passkeys and TLS client certificates, but all implementations are majorly flawed and half-assed in my opinion.

    #Web #Browser #WebAuth #Passkeys #Security #InfoSec #TLS

  2. github.com/stupidwebauthn/serv

    Building an authentication server for passwordless authentication NO PASSWORDS INCLUDED!!!

    Registration: Sends email for account creation, then requests a passkey

    Login: Client asks first for an email, then lists connected passkeys to log in with

    Work in progress... please let me know what you think

  3. "So do yourself a favour. Get something like bitwarden or if you like self hosting get vaultwarden. Let it generate your passwords and manage them. If you really want passkeys, put them in a password manager you control. But don't use a platform controlled passkey store, and be very careful with security keys."

    fy.blackhats.net.au/blog/2024-

    Sad to read this.

    #passkeys #webauth #authentication #passwordmanagers

  4. I'm making a TV-guide app for anime, in the open for all to experience and learn from!

    Back to square one with #WebAuth, this time with client authentication! Time to dive into the spec, get confused, try something out, read the spec again, tear it all down… a virtuous cycle of understanding 😅

    #Jiiiii #DevStream #tvOS #visionOS #macOS #Anime #Swift #SwiftUI #Vapor #BuildInPublic

    Come chill with me: youtube.com/live/4r_8YXxI4rw

  5. @Foxboron
    Here in the US, you can get several models for $15-25, a few even less.
    Not free but not expensive.
    #fido #webauth

  6. @hund I understand you. I think it is possible to inform elected representatives that this issue is critical for the future and that it needs to be solved in order to solve much else. #DIGG is responsible for #EID, but today there is a lack of political will and funding to build an open and free alternative. Or to make it possible to identify yourself via your own #OpenID / #OAuth / #WebAuth / #LDAP or similar. I don't know which current solution is good and secure enough for #EID.

  7. One day soon, authentication by #u2f and #fido2 key. Coming soon in #mastodon
    #webauth #2fa