undefined | Better HN

0 pointsbradley131y ago0 comments

KeepassXC says that it is adding (has added) passkey support. I haven't tested this yet, but if it works, that would avoid platform lock-in. Assuming, of course, that the platforms don't somehow intercept the passkey requests and refuse to allow KeepassXC to do its job.

The big tech companies (Google, Apple, MS) have all become evil.

0 comments

bonton891y ago

> Assuming, of course, that the platforms don't somehow intercept the passkey requests and refuse to allow KeepassXC to do its job.

My understanding is the ability to do that is built directly into the spec with the attestation feature. The only thing that might slow it down is Apple choosing to not implement it and zero out their device string. Others can piggy back on that to protect themselves behind Apple's skirt, at least until Apple changes their stance anyway.

Platforms of course could just not allow Apple passkeys and only allow Apple users to use other 2FA options as well. Rest assured that small players like KeepassXC will be the first ones to have their passkeys blocked or not supported.

The whole thing is a trap IMO.

frantathefranta1y ago

I've tried it and it works on GitHub. Sites seem to be hit-or-miss for now. Tip if you want to use it with the browser add-on, it needs to be manually enabled and you also need to remove any YubiKeys from the system because it will prioritize them over KeePassXC

sigzero1y ago

I like that app but until they add in templates, it's a no go for me. They are discussing it though (for 2.8.0), so maybe a future thing.

https://github.com/keepassxreboot/keepassxc/issues/8228

j / k navigate · click thread line to collapse