fido2support
-
Hello,
I just wanted to emphasise that this topic is super important.
Now that all browsers and the big tech giants support the topic, more and more websites are offering passkey as a secure and very convenient authentication method. At the latest after Amazon offers passkey as a password replacement (https://www.theverge.com/2023/10/23/23928589/amazon-passkey-support-web-ios-shopping-mobile-app), the topic has finally arrived on the broad market.I see two areas of interest for Cloudron here:
- cloudron apps with keypass (as 2fa or also as 1fa)
- app for developers such as Hanko.io=> https://forum.cloudron.io/topic/8375/hanko-io-fido2-webauthn-passwordless-login
-
Hello,
I just wanted to emphasise that this topic is super important.
Now that all browsers and the big tech giants support the topic, more and more websites are offering passkey as a secure and very convenient authentication method. At the latest after Amazon offers passkey as a password replacement (https://www.theverge.com/2023/10/23/23928589/amazon-passkey-support-web-ios-shopping-mobile-app), the topic has finally arrived on the broad market.I see two areas of interest for Cloudron here:
- cloudron apps with keypass (as 2fa or also as 1fa)
- app for developers such as Hanko.io=> https://forum.cloudron.io/topic/8375/hanko-io-fido2-webauthn-passwordless-login
-
another alternative is passwordless.dev, i think
-
as said I didn't look again into that so far. Last time I attempted, I only managed to get it to work on chrome, but not on firefox. The attempt was with the https://www.npmjs.com/package/fido2-lib module back then.
-
@nebulon maybe because you use Linux? Unfortunately, the support there is still very poor, but it looks much better on other devices. https://www.passkeys.io/compatible-devices
-
A adison referenced this topic on
-
A adison referenced this topic on
-
alright, i'm wondering what improvements have been made sense this topic rolled out.
-
-
@adison +1 for passwordless.dev. Looks really interesting. We have been considering implementing passwordless in one of our applications and their generous user allowance makes a powerful business case. Seems to fit the Cloudron culture as well.
@crazybrad 1. witch app? and2. that is really coll man. yeah it does. i cant wait to see how this is going to go along with cloudron. not only that, i think it'll give bitwardens passwordless team a head because cloudron is not large, but pretty good in size. if i were you, what i would do is have it to where all the user has to do is give cloudron dashboard the key, then cloudron will do the other stuf unless required on the users end.
-
@adisonverlice2 We have a proprietary application (not hosted on Cloudron). I have considered using Cloudron as the single source of authentication truth, but for various reasons, I will likely not go in that direction.
-
@adisonverlice2 We have a proprietary application (not hosted on Cloudron). I have considered using Cloudron as the single source of authentication truth, but for various reasons, I will likely not go in that direction.
@crazybrad i see. that is very cool.
-
i just thought of another way to do fido support.
have cloudron users use something like duo security and then login can be done using fido along with other ways cloudron does not natively support. -
by the way, that link was a link from security now, a podcast i regularly listen to.
here is the official duo security address.
my business has used it before, so i think its pretty good at what it does. -
@girish and @nebulon There's another resource like passwordless.dev that is maintained by members of the W3C and FIDO Alliance team that developed passkeys: https://passkeys.dev/ Even if it's tricky to implement passkey support for applications we host in Cloudron, being able to log in to the admin panel with a passkey would be massive as this provides the security of PKI encryption without the overhead nightmare of running a certificate authority.
It includes libraries and guides for thinking through the implementation. Mastodon handles are on the landing page, too, if you have questions. They maintain the site on their own to help orgs looking to adopt passkeys and one of the maintainers is the author of the SimpleWebAuthn (https://github.com/MasterKale/SimpleWebAuthn)
Bitwarden supports passkeys with their iOS mobile app now and in their beta Android app, and 1Password supports them in both mobile apps, so the ecosystem is at a point where there's full cross-platform support (except Linux dammit, but browser-based passkeys will work on Linux) and it's not just iOS or Chrome Password Manager.
-
i'm glad i've made this more of a trending topic on the forum.
this should push more support for FIDO in cloudron. -
N nebulon referenced this topic on
-
FID02 would be a great security upgrade
-
I did a test today on a laptop running ZorinOS 17.1 with kernel 6.5.
I can confirm the two-way operation of the system using a QR key with Apple iPhone. On the website 'passkeys.io' I was able to write the key as well as read it.
-
I did a test today on a laptop running ZorinOS 17.1 with kernel 6.5.
I can confirm the two-way operation of the system using a QR key with Apple iPhone. On the website 'passkeys.io' I was able to write the key as well as read it.
@matix131997 o cool!
