Comment on A "Sign in with fediverse" button?
renzhexiangjiao@lemmy.blahaj.zone 2 weeks ago
please correct me if i’m wrong on this. lots of people here saying that it’s not practical because we would have to trust tiny instances that may be malicious. however, what if we make user’s identity provable to anyone, simply by the use of logic? suppose we have a way of generating random proof-theorem pairs (for example, the theorems could be something like “the largest proper factor of n is greater than some m, where m and n are some huuuuuge numbers and n is semiprime”, the proofs could be constructive). we let the identity be the theorem and the password be the proof. hence, anyone is able to verify the indentity by the use of a theorem prover like Agda
4am@lemm.ee 2 weeks ago
Congrats you just invented passkeys
renzhexiangjiao@lemmy.blahaj.zone 2 weeks ago
why can’t we use passkeys instead of passwords though? is it just a matter of convenience? if so, maybe there is a way to determine a passkey from a password?
4am@lemm.ee 2 weeks ago
We can, passkeys are being adopted all over the web. If you specifically mean for Lemmy or fediverse services, it’s probably just a matter of adding support. It isn’t hard, per se, but it is important to get it right.
You can store passkeys in a password manager like BitWarden and they become portable. Then it doesn’t matter if you have a centralized authentication server. You just get logged in with your passkey, supplied by your password manager.