#passkey


That feeling when the browser asks you for your #passkey PIN but it's actually not a PIN but a passphrase and you enter the #YubiKey PIN instead twice and get increasingly serious warnings about permanent lockout before realizing ...

Replied in thread

@stormii
TNX

With that, a #Passkey really does end up in #KeepassXC and it also works with the #Yubikey, but on the Yubikey the data doesn't end up where I would expect it:

$ fido2-token -L -r /dev/hidraw1
Enter PIN for /dev/hidraw1: 
00: dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvA= webauthn.io
01: IteEK9B+kZFJE+tmeQE0fTb9NToEt+/PeXqSq0tlVNc= www.passkeys.io

I'm confused...

Calling upon #Python developers. Have you implemented #Passkey authentication without using third-party services?

I'm trying to find some good reference material but all seem to include usage of third-party services for managing the authentication...

... but I want full "ownership" of the authentication stack before deciding to ship that to someone else. One of the most critical components is not something I feel entirely comfortable handing off to someone else.

So... anyone got something to share? I have come across this:

pypi.org/project/webauthn/

That seems to give me the server/backend stuff. If you have experience building the frontend/UX components using #Reflex then I would be even more excited to hear from you! 🙂


I love #PocketID, a lightweight #selfhosted #OIDC using only #Passkey.

After using it for several months with an LXC installation using Proxmox Helper Scripts, I noticed that the service runs as root. I also learned that a VM installation is more secure than an LXC. This article will guide you through installing Pocket-ID as a non-root service on Debian. Additionally, there's an upgrade script included.

#Proxmox #debian #selfhosting #homelab #openID #passkeys #SSO

lucasjanin.com/2025/06/02/pock

I need to better understand passkeys. And I need to develop guidance that I can explain to my dad.

On that note it was cool to see Costco app prompt to create a #passkey this morning.

Replied in thread

@sarahjamielewis I would like to hear answers to that question as well. I have not tried it myself, but I'm considering #Keycloak for something like that.

I would also suggest the hashtags #passkey #webauthn and #fido to gather the attention of the right people?

If you're ready to learn the technical details, then there is a Tour of WebAuthN here: imperialviolet.org/tourofwebau

www.imperialviolet.org · A Tour of WebAuthn

«Passkey technology is elegant, but it’s most definitely not usable security:
Just in time for holiday tech-support sessions, here's what to know about passkeys.»
– from @dangoodin

As always, the use of technology also involves its implementation and application. Consumers are a belief and a promise, but not a use.

🔓 arstechnica.com/security/2024/

Ars Technica · Passkey technology is elegant, but it’s most definitely not usable security · By Dan Goodin

Continued thread

I've written a new blog post taking a moderately deep dive into "Threat Modeling YubiKeys and Passkeys"

yawnbox.is/blog/threat-modelin

I greatly welcome feedback as I want to make sure I'm not misrepresenting anything. I want to make it better if it can be improved. I'm happy to be wrong, just please provide details and links!

also, i need a job! if you like my work, maybe you know of something where i'd be a good fit.

yawnbox.is · Threat modeling YubiKeys and passkeys