Collaborate Disseminate
I am building a pure client-side app.
My users have a .kdbx vault stored in localStorage, and they can open it with a password.
In order to add a biometric\quick open feature into the app I thought about creating a Webauthn entry and stori… Continue reading storing user hashed password into webauthn id
I’m not entirely convinced of the importance of verifying the authenticator attestation, and I’ve asked a question about it, I’m open to it, and if you want, you can post an answer at that question, but this one is specifically about "… Continue reading How does it "allow a malicious website to obtain valid credentials." – WebAuthn
Previously some good fellow explained the importance of verifying the public key created and offered by authenticators.
As before, given the complexity of a FULL implementation of RP operation, I believe it’s possible that some aspect may … Continue reading Suggestions for implementing a simplified subset of WebAuthn Relaying Party Operation
The description for the FineTech FPS00200 USB fingerprint sensor mentions that it does support Windows Hello specifically, but it does not mention FIDO2 more generally. But then FWIK Windows Hello implements FIDO2 (WebAuthn) and more.
So c… Continue reading Can a USB fingerprint sensor support Windows Hello but not FIDO2
The description for the FineTech FPS00200 USB fingerprint sensor mentions that it does support Windows Hello specifically, but it does not mention FIDO2 more generally. But then FWIK Windows Hello implements FIDO2 (WebAuthn) and more.
So c… Continue reading Can a USB fingerprint sensor support Windows Hello but not FIDO2
The description for the FineTech FPS00200 USB fingerprint sensor mentions that it does support Windows Hello specifically, but it does not mention FIDO2 more generally. But then FWIK Windows Hello implements FIDO2 (WebAuthn) and more.
So c… Continue reading Can a USB fingerprint sensor support Windows Hello but not FIDO2
Is PSD2’s Strong Customer Authentication requirement possible to satisfy with secure 2FA solutions, such as TOTP and WebAuthn?
For the purposes of this question, I’m classifying all systems where an OTP has to be transmitted as "insec… Continue reading Is 3DS compatible with secure 2FA technologies? (TOTP, WebAuthn)
Why does FIDO2’s spec not mention FIDO UAF as a related standard? I wonder if FIDO UAF is still relevant. Will FIDO UAF be deprecated eventually in favor of FIDO2? Why do they co-exist if they fulfil the same purpose?
What I already know:
… Continue reading Why does FIDO2’s spec not mention FIDO UAF as a related standard? [duplicate]
I’m experimenting with adding passkeys to Drupal.
I’m using webauthn-lib 4.7.
When registering a passkey, the device generates a Public Key Credential, which is then sent to the server as stringified JSON:
{
"publicKeyCredentialId&q… Continue reading Webauthn: Access control for the public key credential uploaded by the user’s device
So, before this year, when you were using WebAuthN to create security keys on an up to date Android phone (Pixel 6 in my case), you had these options (iirc):
When creating a platform authenticator, you were offered Fingerprint/Passcode. Wh… Continue reading Did Android remove Fingerprint/Passcode for WebAuthN and lower security to push Passkeys?