Passkey is an open standard. It’s not Google specific.
Comment on Google will now make passkeys the default for personal accounts
kakes@sh.itjust.works 1 year ago
While I would agree this sounds more secure, I’m always worried about people getting further locked in to Google’s products.
Hopefully this system won’t take accounts “hostage” by requiring you use Chrome to log in to them, but it’s Google, so…
hardypart@feddit.de 1 year ago
kakes@sh.itjust.works 1 year ago
That’s good to hear. I don’t know much about passkeys, and I should really spend some time learning about them. Didn’t mean to fear-monger, but I guess I’m getting more cynical these days.
kakes@sh.itjust.works 1 year ago
Updated my root comment to reflect this.
SkaveRat@discuss.tchncs.de 1 year ago
it’s passkeys. they are getting integrated in a lot of stuff right now, including password managers like bitwarden
darth_helmet@sh.itjust.works 1 year ago
Use a yubikey, that doesn’t vendor-lock you to an OS ecosystem. They make one with nfc so it’s not a pain to use with your phone.
russjr08@outpost.zeuslink.net 1 year ago
I’m not sure if this is universal or specific to the last site I tried to use my Yubikey with as a passkey, but it only would allow it to be used as 2FA, not actual passwordless authentication.
I assume this is because Yubikeys don’t create a secret for each individual website I suppose? Not exactly sure about that one.
hedgehog@ttrpg.network 1 year ago
The site likely didn’t support passkeys. But passkeys are basically webauthn passwordless login, and per the yubikey docs they support that.
See www.yubico.com/authentication-standards/fido2/ and fidoalliance.org/passkeys/#faq for more info. See also support.apple.com/guide/iphone/…/ios specifically the bit about adding a passkey to a physical key.
russjr08@outpost.zeuslink.net 1 year ago
Google definitely supports passkeys, and they were one of the sites that did this. I’ve just replied to another comment regarding this. I wonder if the Yubikey 4 (I’m not sure how to tell which one I have, since they look about the same) just doesn’t support passkeys, which would be… unfortunate.
It’ll be even more unfortunate if there’s a weird mix of sites that support the Yubikey as a passkey and some only support it as a passkey. My Pixel is supported as a passkey, but Firefox on Linux doesn’t support this - only on Windows and macOS. I believe Chrome/Chromium does, which is equally as frustrating as my Yubikey possibly not supporting passkeys.
Strangely enough, Google lets me “add” my Yubikey as a passkey, but then does not let me sign in with it due to it not being “recognized”. If I remove it as a passkey, and only use it as a 2FA token, attempt to sign in and use the “Enter your password” option, it will then let me use the key after I’ve entered my password as a second factor.
So it seems Google has removed the error (or its not triggering anymore) as they will have been one of the first sites I tried to create a passkey for, but it still does not let you use it as a passkey.
Natanael@slrpnk.net 1 year ago
Both the website and your physical security token must support the right type of webauthn credentials (the token has storage for a certain number of slots with “discoverable credentials”).
Passkeys is a variant of the same which is bound to your device’s own TPM / SE security chip or equivalent, plus a synchronization feature for backups.
Companion1666@lemmy.world 1 year ago
You can use it Yubico keys as your passwordless authentication. Both Google and Microsoft have this option.
russjr08@outpost.zeuslink.net 1 year ago
Strangely enough, Google lets me “add” my Yubikey as a passkey, but then does not let me sign in with it due to it not being “recognized”. If I remove it as a passkey, and only use it as a 2FA token, attempt to sign in and use the “Enter your password” option, it will then let me use the key after I’ve entered my password as a second factor.
So it seems Google has removed the error (or its not triggering anymore) as they will have been one of the first sites I tried to create a passkey for, but it still does not let you use it as a passkey.
Tibert@jlai.lu 1 year ago
Mot likely it won’t need to have chrome. However maybe Google services may be required.
However it is also very likely, if a device cannot support such feature, it will only require a password and 2fa.
ubermeisters@lemmy.world 1 year ago
MondayToFriday@lemmy.ca 1 year ago
Mozilla is in the process of implementing passkeys in Firefox. This page tracks the status of various implementations of passkeys.
ubermeisters@lemmy.world 1 year ago
Yeah I’ve already switched to LibreWolf after seeing the AI bullshit that FF is adding in the name of “spotting fake reviews”. My ass.
lolcatnip@reddthat.com 1 year ago
Did you just make up something that could happen and then get mad about it?
cacheson@kbin.social 1 year ago
https://en.wikipedia.org/wiki/Satire
HeartyBeast@kbin.social 1 year ago
Satire typically highlights something that has happened, not something made up.
lolcatnip@reddthat.com 1 year ago
Where’s the humor?
ubermeisters@lemmy.world 1 year ago
Yeah I’m in that kinda mood today.