this post was submitted on 04 Nov 2023
152 points (96.9% liked)

[email protected] 13 points 11 months ago* (last edited 11 months ago)

Passkeys are client-driven.

When you visit a website you'd like to log in to, your browser generates a public/private key pair and gives the public key to the site.

When you want to log in:

  • The browser uses the website domain name to generate a challenge and sends it to the website.
  • The website verifies the challenge by sending back a randomly generated long text, encrypted with the public key.
  • Browser confirms by sending back the decrypted text as proof.

Now both website and browser are sure the other is legit, there are no passwords involved, the login process is standardized and can be upgraded with new protocols and cyphers whenever needed, you can't be phished, you can't be tricked by a fake domain that looks in Unicode like the correct one, and if anybody breaks in and steals the public key they can't do anything with it.
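
Added example (not part of the comment above): a simplified model of an origin-bound passkey login using Node's built-in `crypto`. It uses an Ed25519 signature over a server-issued challenge plus the origin, the form WebAuthn uses, and is not the WebAuthn wire format; the class names, `demo` and the two domains are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Browser/authenticator side (hypothetical class): one key pair per origin.
class Authenticator {
  constructor() { this.keys = new Map(); } // origin -> private key
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' }); // only this leaves the device
  }
  // Sign the server's challenge together with the origin the browser is actually on.
  login(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null; // no credential for this origin, e.g. a lookalike domain
    const clientData = JSON.stringify({ origin, challenge });
    return { clientData, signature: crypto.sign(null, Buffer.from(clientData), key) };
  }
}

// Website side (hypothetical class): stores only the public key.
class Site {
  constructor(origin) { this.origin = origin; this.pending = new Set(); }
  enroll(pem) { this.publicKey = crypto.createPublicKey(pem); }
  newChallenge() {
    const c = crypto.randomBytes(32).toString('base64url');
    this.pending.add(c); // single use
    return c;
  }
  verify(resp) {
    if (!resp) return false;
    const { origin, challenge } = JSON.parse(resp.clientData);
    if (origin !== this.origin) return false;          // signed for a different site
    if (!this.pending.delete(challenge)) return false; // unknown or replayed challenge
    return crypto.verify(null, Buffer.from(resp.clientData), this.publicKey, resp.signature);
  }
}

function demo() {
  const real = 'https://example.com', fake = 'https://examp1e.com'; // constructed domains
  const device = new Authenticator(), site = new Site(real);
  site.enroll(device.register(real));
  const ok = site.verify(device.login(real, site.newChallenge()));
  const lookalikeGotResponse = device.login(fake, site.newChallenge()) !== null;
  device.register(fake); // even a key enrolled at the lookalike signs the wrong origin
  const crossOrigin = site.verify(device.login(fake, site.newChallenge()));
  const first = device.login(real, site.newChallenge());
  const replay = site.verify(first) && site.verify(first);
  return { ok, lookalikeGotResponse, crossOrigin, replay };
}
```

`demo()` returns the outcome of four cases: a normal login, a lookalike origin with no enrolled key, a response signed for the lookalike origin, and a replayed response.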