passwordless.dev
-
hi everybody.
I wantt cloudron ot have a application called passwordless.dev
@nebulon if I remember correctly, said 2FA via passkey is not supported very well in cloudron.
however, with passwordless, all you would have to do is install a few libraries, which makes it easy, and the user would have to just provide an API key and such in their dashboard to get logged in. -
Let me add a little more context, it’s made by Bitwarden:
Bitwarden Passwordless.dev is a software toolkit that helps developers build FIDO2 WebAuthn-based passkey features into websites and enterprise applications for seamless authentication flows.
Homepage: https://bitwarden.com/products/passwordless/
Overview: https://docs.passwordless.dev/guide/
Note that it‘s open source but only free up to 10.000 users / month: https://bitwarden.com/products/passwordless/
-
@necrevistonnezr thank you.
also, I myself do not need that much users, I don't have a thousand employees, I have around 5 employees.
that's what I plan to use passwordless.dev for -
and while it's out of this posts skope, there is a program called fido2-lib, but I would like passwordlessdev more because it gives you more flexibility and you don't have to necisarily worry about compatiblity.
this post from bitwarden also covers how they do bitwarden FIDO2 auth on their password manager if you're interested -
@adisonverlice2 @necrevistonnezr Thank you both for posting about this. I just returned from an API conference and a presenter from Yubico was advocating for adding passwordless. If/when I received the slidedeck, I will share some resources he mentioned. But I think that Bitwarden is an excellent approach and for most of us, 10,000 users per month will not be an issue. On the other hand, I could buy a lot of Cloudrons and Auth services if I had 10,000 users...
-
@crazybrad o not a prob;em. I advocate for more secure solutions like web authn, so I thought I'd share it.
and yeah, loll, they're basically giving us jef basos amount of users leol.
of course, this would be a different issue if we were using it with, say, vaultwarden, but bitwarden has it's own authentication methods with FIDO2.
we would use passwordless for securing admin data for the my domain and OIDC my domains.
also, would you be willing to share a summery of that from yubiko's end? or in a separate post?
if not, it's fine, I think though it would help in implementing things like passwordlesss and stuf like that. -
@adisonverlice2 Happy to share the Yubico presentation. I just checked and the slides have not been posted yet. I will check next week.
-
@crazybrad I see.
btw, you'll have to explain it in word form, I'm blind and my screen reader does not work in some cases with images.
if not, I've been testing something like astica cognitive AI, so I might be able to use artificial intelligence to scan it. -
wow, I'm actually surprised we haven't made (any) progress on FIDO2 despite the few suggestions...it's sad...
-
@adisonverlice2
That's because the library does not yet support 100% Linux systems. So far it works with a password manager e.g.: Bitwarden. -
@matix131997 aw, I see.
