Passkey support arrived in KeePassXC https://github.com/keepassxreboot/keepassxc/issues/1870
Just last week so it’s not in any distributions yet, but a binary can be found here: https://snapshot.keepassxc.org/build-235575/
I haven’t tried it yet because I haven’t been using passkeys because it wasn’t implemented in KeePassXC but now that it is I will try on some page which implements it. Just need to figure out who implements it. I think none of the Fediverse services does yet.
It looks like it has been updated unless I am not reading it correctly.
https://github.com/dani-garcia/vaultwarden/releases/tag/1.30.0
“Added passkey support, allowing the browser extensions to store and use your passkeys, make sure the extension is updated to version 2023.10.0 or newer for passkey support.”
This is fantastic news.
Instead of having a secret that both you and the server share (password). Only you have the secret. Basically, what happens is that the server sends a message to your device encrypted that says, “If you are person, please give me back this code unencrypted.” And then it gives a code, for example. Your device decrypts that using your secret that you keep and then tells the server the code and the only way to have gotten that code is for you to have successfully decrypted the message the server sent.
By doing it this way, if the server is ever compromised, then it contains no secrets for your account to be brute force decrypted by a hacker.
how does the server encrypt the message it sends without the secret? Or is that stored during sign up?
Would this be susceptible to a MitM attack intercepting the decrypted secret?
oh cool I get it. is this a good replacement for lastpass? I’ve been thinking about switching for a long time, but got kind of locked in to the convenience/cross platform compatibility (i use linux, macos, windows, ios regularly) but haven’t looked into keepass much.