Comment on Passkeys Explained: The End of Passwords
Doccool@lemmy.world 23 hours agoCurrently I use a FOSS (I think?) password manager, BitWarden, that supports passkeys. I use it across Mac, Windows and Android so I’m while my passkeys are locked yo the password manager, I am not locked to any of the aforementioned megacorps.
I use BitWarden too. OS , device and browser agnostic is a win
But I imagine the vast amount of people will use whatever their platform is pushing, so Apple Google or Microsoft. And in 5 years time “3rd party passkeys” are not “secure enough” and blocked by the OS. (Ok that’s a bit tinfoil hat, but Google’s recent Android app developer verification scheme is fresh in mind)
KeePassXC has begun rollout of their own implementation, and I’m pretty sure they’re considered FOSS.
From a quick scan of the white paper, it appears they’re currently using on-device passkey discovery and otherwise “intercepting” passkey registration workflows, which I take to mean they aren’t originating the request as a passkey registrar. This may be the easiest method to satisfy FIDO’s dID requirements.
SkaveRat@discuss.tchncs.de 22 hours ago
While I use and love bitwarden, it’s not exactly foss. Although there is a foss implementation of their server backend
AbidanYre@lemmy.world 22 hours ago
Vaultwarden (the free server implementation) also supports passkeys.
kjetil@lemmy.world 17 hours ago
A cursory search lead to this thread from 2024 community.bitwarden.com/t/…/74800
where an employee stated
Both the client and server are mostly open source. Some server features are paywalled. The alternative Vaultwarden server is fully open source, and much lighter on system resources.
Have there been any recent licensing shenanigans with BitWarden?