med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Medical community on Mastodon

Administered by:

Server stats:

362
active users

#Passkey

5 posts5 participants1 post today

Today in #Passkey madness, as I was logging in to a site the following occured:
Site! Set up a passkey!
Phone! NO! Set up a passkey with me meeeeeeee!
Password manager! You could set up a passkey y'know!

ALL AT THE SAME TIME.

After some stabbing of virtual buttons I finally managed to log in using the password manager I actually use.

This is INSANE.

Calling upon #Python developers. Have you implemented #Passkey authentication without using third-party services?

I'm trying to find some good reference material but all seem to include usage of third-party services for managing the authentication...

... but I want full "ownership" of the authentication stack before deciding to ship that to someone else. One of the most critical components is not something I feel entirely comfortable handing off to someone else.

So... anyone got something to share? I have come across this:

pypi.org/project/webauthn/

That seems to give me the server/backend stuff. If you have experience building the frontend/UX components using #Reflex then I would be even more excited to hear from you! 🙂

pypi.orgClient Challenge

Liebe Mitlinuxer.
Ich lese mich gerade zum Thema "Passkey & Linux" schlau. Sehe ich das richtig, dass aktuell das nur in Kombination mit KeepassXC und nem Browser, der über die Paketverwaltung installiert wurde?

Das wäre ja schon irgendwie enttäuschend...

Interesting #passkey #passkeys stuff to keep an eye on.

There currently seems very limited support for passkeys on the end user side in Linux, i.e. completely open source solutions.

Here are two related interesting projects, one that uses ssh keys as passkeys:

github.com/bulwarkid/ssh-passk

and another that creates a virtual fido USB device:

github.com/bulwarkid/virtual-f

there are related to a Linux passkey GUI manager that seems to have not seen much development for quite a few years:

bulwark.id/

I don't know if these are stable enough to use, but interesting anyway - given the rapid movement in this space I'd expect to passkey related software having more activity.

bulwark.id/blog/problem-with-p

A utility to use SSH keys as passkeys. Contribute to bulwarkid/ssh-passkey development by creating an account on GitHub.
GitHubGitHub - bulwarkid/ssh-passkey: A utility to use SSH keys as passkeysA utility to use SSH keys as passkeys. Contribute to bulwarkid/ssh-passkey development by creating an account on GitHub.

Ich habe gerade Dokumente für das Kindergeld über die #eServices der #arbeitsagentur hochgelanden.

Vorab, ich finde die Idee, die der #BundID zugrunde liegt, gut. Insbesondere, dass ich auf Basis des BundID Profile bei der #arbeitsagentur anlegen kann ist gut. Alternative könnte bei der #arbeitsagentur auch einen #Passkey verwenden.

Ich wollte jetzt die #BundID zusammen mit dem Personalausweis verwenden. Warum muss das so eine unglaublich schlecht #Useability haben? (1/n)

#Passkey deployment checklist is now available.

This new content summarizes all the passkey best practices we can think of when a website deploys a passkey system such as:

  • Use AAGUID to identify the passkey provider and to name the credential for the user.
  • Prompt for local passkey creation if the user has signed in with a cross-device passkey.
  • Verify the user with the strongest authentication method available for they can use before allowing them to create a passkey.

You can use this checklist to build a best possible passkey implementation, or to see if there are anything you can improve by comparing it with your existing deployment.

Checkout our passkey deployment checklist from here: web.dev/articles/passkey-check

If you have any feedback on this content, please let me know!

web.devSecure and seamless passkeys: A deployment checklist  |  Articles  |  web.devA checklist for developers to make sure their passkey implementations are following all the best practices.

Hey #pocketid users!

I submitted 2 feature requests on GitHub for Pocket-ID. Feel free to upvote them if you find them useful :-)

🚀 Feature: Approximate Location Recognizes Local IPv6 as LAN, Internal Network
github.com/pocket-id/pocket-id

🚀 Feature: Global Audit Log Adds a Local Traffic Filter
github.com/pocket-id/pocket-id

Thanks

GitHub🚀 Feature: Approximate Location Recognizes Local IPv6 as LAN, Internal Network · Issue #634 · pocket-id/pocket-idBy LucasJanin
#OIDC#SSO#passkey

Die Webseite #bundesagentur für #Arbeit ist einfach schlecht.
Das fängt schon bei der Anmeldung an. Irgendwas mit #Passkey
Die Seite ist dann vollkommen überladen mit Informationen.
Was zu finden ist langwierig.
Am schlimmsten ist jedoch die Übermittlung von Unterlagen, da es keine Emailadressen im Schriftverkehr angegeben sind. Muss irgendwie über das Nachrichtendingsbums auf der Seite was übermittelt werden. Ohne Angabe zum Aktenzeichen oder so...

I love #PocketID, a light weight #selfhosted #OIDC using only #Passkey.

After using it for several months with an LXC installation using Proxmox Helper Scripts, I noticed that the service runs as root. I also learned that a VM installation is more secure than an LXC. This article will guide you through installing Pocket-ID as a non-root service on Debian. Additionally, there's an upgrade script included.

#Proxmox #debian #selfhosting #homelab #openID #passkeys #SSO

lucasjanin.com/2025/06/02/pock