shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

#passkey


This may be a lame observation, but I believe I now better understand why #Passkey adoption is perhaps not as high as one would expect.

Username/password authentication is "easy" to implement. A million ways you can do it badly, but you can nonetheless do it.

Passkey authentication is not as easy to do. (And no... I do not have experience with Passkey authentication...)

But the fact that multiple tutorials and guides already refer to implementing authN using third-party services frustrates me...

Enough whining... I will make a more concerted effort to try and figure this out now.

Calling upon #Python developers. Have you implemented #Passkey authentication without using third-party services?

I'm trying to find some good reference material but all seem to include usage of third-party services for managing the authentication...

... but I want full "ownership" of the authentication stack before deciding to ship that to someone else. One of the most critical components is not something I feel entirely comfortable handing off to someone else.

So... anyone got something to share? I have come across this:

pypi.org/project/webauthn/

That seems to give me the server/backend stuff. If you have experience building the frontend/UX components using #Reflex then I would be even more excited to hear from you! 🙂


I just uploaded documents for the child benefit (Kindergeld) via the #eServices of the #arbeitsagentur.

First off, I think the idea behind #BundID is good. In particular, it is good that I can create a profile at the #arbeitsagentur based on BundID. Alternatively, one could also use a #Passkey at the #arbeitsagentur.

I now wanted to use #BundID together with the national ID card (Personalausweis). Why does this have to have such unbelievably bad #Useability? (1/n)

#Passkey deployment checklist is now available.

This new content summarizes all the passkey best practices we can think of when a website deploys a passkey system such as:

  • Use AAGUID to identify the passkey provider and to name the credential for the user.
  • Prompt for local passkey creation if the user has signed in with a cross-device passkey.
  • Verify the user with the strongest authentication method available to them before allowing them to create a passkey.

You can use this checklist to build the best possible passkey implementation, or to see if there is anything you can improve by comparing it with your existing deployment.

Check out our passkey deployment checklist here: web.dev/articles/passkey-check

If you have any feedback on this content, please let me know!
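The first checklist item above (naming a credential from its AAGUID) is sketched here as an added example; it is not part of the original post or of the web.dev checklist. It assumes the server has already extracted the raw authenticator data bytes from the registration response, and the provider table, the AAGUID in it and the function names are constructed for illustration.

```python
import struct
import uuid

# Constructed AAGUID -> provider-name table for illustration only. A real
# deployment would load a maintained AAGUID list instead.
KNOWN_PROVIDERS = {
    uuid.UUID("00000000-0000-4000-8000-000000000001"): "Example Password Manager",
}
ZERO_AAGUID = uuid.UUID(int=0)
FLAG_AT = 0x40  # "attested credential data included" bit in the flags byte


def parse_attested_credential(auth_data: bytes):
    """Return (aaguid, credential_id) from WebAuthn authenticator data."""
    # Layout: rpIdHash(32) | flags(1) | signCount(4) | aaguid(16) | credIdLen(2) | credId
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than fixed header")
    if not auth_data[32] & FLAG_AT:
        raise ValueError("no attested credential data (AT flag clear)")
    if len(auth_data) < 55:
        raise ValueError("truncated attested credential data")
    aaguid = uuid.UUID(bytes=auth_data[37:53])
    (cred_len,) = struct.unpack(">H", auth_data[53:55])
    cred_id = auth_data[55:55 + cred_len]
    if len(cred_id) != cred_len:
        raise ValueError("credential ID length exceeds available data")
    return aaguid, cred_id


def credential_label(auth_data: bytes) -> str:
    """Pick a display name for a new passkey from its AAGUID."""
    aaguid, _ = parse_attested_credential(auth_data)
    # The AAGUID is a naming hint, not proof of the provider: unless the
    # attestation is verified it is unauthenticated, so never gate access on it.
    if aaguid == ZERO_AAGUID:
        return "Passkey"
    return KNOWN_PROVIDERS.get(aaguid, f"Passkey ({aaguid})")


def build_sample(aaguid: uuid.UUID, cred_id: bytes) -> bytes:
    """Constructed authenticator data for the demo (zeroed rpIdHash, no key)."""
    flags = 0x01 | 0x04 | FLAG_AT  # UP, UV, AT
    return (bytes(32) + bytes([flags]) + struct.pack(">I", 0)
            + aaguid.bytes + struct.pack(">H", len(cred_id)) + cred_id)


if __name__ == "__main__":
    known = uuid.UUID("00000000-0000-4000-8000-000000000001")
    print(credential_label(build_sample(known, b"\x01" * 16)))
```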


I need to better understand passkeys. And I need to develop guidance that I can explain to my dad.

On that note it was cool to see Costco app prompt to create a #passkey this morning.

So, #passkey question:

Is it possible that a web site that has been supporting YubiKeys for a while would automatically support Safari’s and 1Password’s passkeys, by means of it being webauthn in both cases, or at least appear to support them, even if it fails later?

That would explain some of the ignorance of customer service agents when you point out how their passkey implementation is broken.

I HATE this wretched #Passkey nonsense. Every browser, OS, Website is trying to get me to create the things with NO explanation of how they work or what consequences are AND when I'm actually in the middle of signing in using a password manager.

As near as I can tell, I've just had Windows, Chrome and maybe Amazon all have a go.

And talk about anti patterns! Major sign in changes are NOT what you try to force on people in the middle of login task completion. What's WRONG with you?
#InfoSec