carloscabanero 3 years ago

At BlinkShell we recently added support for WebAuthn for SSH keys. WebAuthn signatures have been a part OpenSSH for a while now, but it looks like we are the first client to do so. You can check out a few cool flows here https://twitter.com/BlinkShell/status/1570427813819486212?s=...

IMO, the best part of Apple adding Passkeys support over WebAuthn is that we are finally able to use Secure Keys as well across all devices. If this takes off, I wonder if it would somehow end up replacing FIDO2 for Secure Keys scenarios as wel.

Freak_NL 3 years ago

For anyone else familiar with WebAuthn but confused about the generic term 'passkey' like I was: the author is probably talking about some new Apple feature for IOS. It looks just like regular WebAuthn from what I can tell.

  • m0RRSIYB0Zq8MgL 3 years ago

    This is a joint development announced by Apple, FIDO, Google, and Microsoft. Passkeys follow the WebAuthn standard but add the functionality of working cross-device without needing to re-enroll and allow one device to authenticate for another near by device (ie phone authenticating log in attempt on laptop).

    https://fidoalliance.org/apple-google-and-microsoft-commit-t...

  • lostfocus 3 years ago

    Yes, it is WebAuthn + iCloud storage of the client credentials.

    • arianvanp 3 years ago

      Note that Microsoft and Google also agreed to the Passkey terminology and will be adopting it in all their Webauthn-related UIs

      • throw0101c 3 years ago

        Also, there is a draft being working on for credentials transfer:

           This document describes a mechanism to transfer digital credentials
           securely between two devices.  Secure credentials may represent a
           digital key to a hotel room, a digital key to a door lock in a house
           or a digital key to a car.  Devices that share credentials may belong
           to the same or two different platforms (e.g. iOS and Android).
           Secure transfer may include one or more write and read operations.
           Credential transfer needs to be performed securely due to the
           sensitive nature of the information.
        
        * https://datatracker.ietf.org/doc/html/draft-secure-credentia...
      • EtienneK 3 years ago

        Being very pedantic: "passkey" is spelt with a lowercase "p" like with "password".

pabs3 3 years ago

Seems like there is no standard for a HTTP protocol for Webauthn logins, like there is for Basic Auth, Kerberos Negotiate, etc?

arianvanp 3 years ago

This is a great tutorial. thanks!