carloscabanero 9 days ago

At BlinkShell we recently added support for WebAuthn for SSH keys. WebAuthn signatures have been a part OpenSSH for a while now, but it looks like we are the first client to do so. You can check out a few cool flows here

IMO, the best part of Apple adding Passkeys support over WebAuthn is that we are finally able to use Secure Keys as well across all devices. If this takes off, I wonder if it would somehow end up replacing FIDO2 for Secure Keys scenarios as wel.

Freak_NL 10 days ago

For anyone else familiar with WebAuthn but confused about the generic term 'passkey' like I was: the author is probably talking about some new Apple feature for IOS. It looks just like regular WebAuthn from what I can tell.

  • m0RRSIYB0Zq8MgL 9 days ago

    This is a joint development announced by Apple, FIDO, Google, and Microsoft. Passkeys follow the WebAuthn standard but add the functionality of working cross-device without needing to re-enroll and allow one device to authenticate for another near by device (ie phone authenticating log in attempt on laptop).

  • lostfocus 10 days ago

    Yes, it is WebAuthn + iCloud storage of the client credentials.

    • arianvanp 10 days ago

      Note that Microsoft and Google also agreed to the Passkey terminology and will be adopting it in all their Webauthn-related UIs

      • throw0101c 9 days ago

        Also, there is a draft being working on for credentials transfer:

           This document describes a mechanism to transfer digital credentials
           securely between two devices.  Secure credentials may represent a
           digital key to a hotel room, a digital key to a door lock in a house
           or a digital key to a car.  Devices that share credentials may belong
           to the same or two different platforms (e.g. iOS and Android).
           Secure transfer may include one or more write and read operations.
           Credential transfer needs to be performed securely due to the
           sensitive nature of the information.
      • EtienneK 9 days ago

        Being very pedantic: "passkey" is spelt with a lowercase "p" like with "password".

pabs3 10 days ago

Seems like there is no standard for a HTTP protocol for Webauthn logins, like there is for Basic Auth, Kerberos Negotiate, etc?

arianvanp 10 days ago

This is a great tutorial. thanks!