Comment on Passkeys Explained: The End of Passwords
Doccool@lemmy.world 5 weeks agoCurrently I use a FOSS (I think?) password manager, BitWarden, that supports passkeys. I use it across Mac, Windows and Android so I’m while my passkeys are locked yo the password manager, I am not locked to any of the aforementioned megacorps.
KeePassXC has begun rollout of their own implementation, and I’m pretty sure they’re considered FOSS.
From a quick scan of the white paper, it appears they’re currently using on-device passkey discovery and otherwise “intercepting” passkey registration workflows, which I take to mean they aren’t originating the request as a passkey registrar. This may be the easiest method to satisfy FIDO’s dID requirements.
I use BitWarden too. OS , device and browser agnostic is a win
But I imagine the vast amount of people will use whatever their platform is pushing, so Apple Google or Microsoft. And in 5 years time “3rd party passkeys” are not “secure enough” and blocked by the OS. (Ok that’s a bit tinfoil hat, but Google’s recent Android app developer verification scheme is fresh in mind)
SkaveRat@discuss.tchncs.de 5 weeks ago
While I use and love bitwarden, it’s not exactly foss. Although there is a foss implementation of their server backend
AbidanYre@lemmy.world 5 weeks ago
Vaultwarden (the free server implementation) also supports passkeys.
kjetil@lemmy.world 5 weeks ago
A cursory search lead to this thread from 2024 community.bitwarden.com/t/…/74800
where an employee stated
Both the client and server are mostly open source. Some server features are paywalled. The alternative Vaultwarden server is fully open source, and much lighter on system resources.
Have there been any recent licensing shenanigans with BitWarden?