- Gist Minor Release 0.1.0 [2024-01-16] (for information on this versioning scheme, see Status & Versioning)
- Copyright ©️2024 by Christopher Allen, and is shared under CC-BY-SA-4.0 open-source license. See my Lists of High-Signal, Low Noise Links repo's README.md for more details.
Passkeys are a modern authentication method gaining traction with support from major platform vendors and online service providers, is designed to replace traditional password-based systems. They leverage public key cryptography, to over a more secure and user-friendly login experience. Passkeys often utilize biometrics or PINs for user verification, integrating closely with user hardware devices. This approach is being increasingly adopted and supported by major tech companies, including Apple, Google, and Microsoft, signifying a significant shift in authentication practices.
WebAuthn, the underlying technology for passkeys, is a web standard for authentication. It allows servers to register and authenticate users using public key cryptography instead of a password. WebAuthn is part of the FIDO2 specification, which aims to standardize and enhance the security of web-based authentication. By using WebAuthn, developers can implement stronger authentication mechanisms that are resistant to phishing, offering greater security and convenience for users.
-
What are Passkeys and How Do They Work? (2023-06-12). [web article]. Descope. Retrieved 2024-01-16 from: https://www.descope.com/learn/post/passkeys.
TAGS: #Passkeys #WebAuthn #BiometricAuthentication #PublicPrivateKeyCryptography #PasswordlessLogin #UserExperience #MultiFactorAuthentication #Privacy #Cybersecurity
SHORT ABSTRACT: "This article explores the concept, functioning, and benefits of passkeys. It details how passkeys offer a passwordless login method, leveraging public-private key cryptography and biometric authentication for enhanced security and a simplified user experience. The piece also discusses the challenges and adoption considerations for passkeys, emphasizing their role in modern cybersecurity and user authentication practices."
KEY QUOTES: "Passkeys... provide increased security while also making the login process much easier." "Passkeys provide multi-factor authentication by checking the user’s device and biometrics in one user-facing step."
-
How Passkeys Work (n.d.). [web article]. Yubico. Retrieved 2024-01-16 from: https://developers.yubico.com/Passkeys/How_passkeys_work.html.
TAGS: #Passkeys #MultiFactorAuthentication #PublicKeyAuthentication #Biometrics #SecurityKeys #AuthenticationFactors #UserVerification #WebAuthn #Yubico
SHORT ABSTRACT: "This article delves into the mechanics of passkeys, illustrating how they enhance multi-factor authentication by combining something the user has (a security key or embedded authenticator) with something they know (PIN) or are (biometric data). It explains how passkeys utilize public key-based authentication, where during registration, the authenticator provides a public key to the application, corresponding to a private key on the authenticator. This method enhances security by requiring multiple secure elements for authentication."
KEY QUOTES: "Passkeys...combine something you have (the authenticator), and something you either know (PIN) or are (biometric), to complete any registration or authentication ceremony." "During a registration ceremony, your authenticator will provide a public key to an application that will have a corresponding private key that exists on the authenticator."
COMMENTARY: @ChristopherA: "This web article is part of a series of pages from Yubi.co (a hardware developer supporting passkeys) that is a good starting point for develelopers."
- Authentication Services Documentation (n.d.). [web documentation]. Apple Developer. Retrieved 2024-01-16 from: https://developer.apple.com/documentation/authenticationservices.
TAGS: #AppleDeveloper #AuthenticationServices #SoftwareDevelopment #APIs #UserAuthentication #Security #iOSDevelopment #AppDevelopment SHORT ABSTRACT: "Apple's Authentication Services documentation provides developers with comprehensive guides and API references for implementing user authentication in apps. It focuses on utilizing Apple's ecosystem to create secure and efficient authentication processes, catering to a wide range of app development needs within the iOS environment." KEY QUOTES: "This documentation assists developers in integrating secure and user-friendly authentication methods into their iOS applications, leveraging Apple's robust security protocols."
- AndroidX Credentials Release Notes (n.d.). [web article]. Google. Retrieved 2024-01-16 from: https://developer.android.com/jetpack/androidx/releases/credentials.
TAGS: #AndroidX #Credentials #Google #AndroidDevelopment #SoftwareLibraries #ReleaseNotes #Programming #MobileDevelopment #TechnologyUpdates SHORT ABSTRACT: "This page provides detailed release notes for the AndroidX Credentials library by Google for Android 14. It covers recent updates, bug fixes, and new features added to enhance Android app development. The content is crucial for developers to stay informed about the latest changes in the Android ecosystem." KEY QUOTES: "In the latest update, AndroidX Credentials significantly improves authentication processes, making it easier for developers to implement secure login features."
- We're Open-Sourcing the Library that Powers 1Password’s Passwordless Authentication (2023-08-28). [blog post]. Léveillé, René. Retrieved 2024-01-16 from 1Password Blog: https://blog.1password.com/passkey-crates/.
TAGS: #PasswordlessAuthentication #OpenSource #WebAuthn #Cybersecurity #DigitalSecurity #AuthenticationTechnology #Passkey #1Password #SoftwareDevelopment #TechInnovation
SHORT ABSTRACT: "This post details 1Password's initiative to open-source their internal library used for passkey authentication. This decision to make the library public is part of their ongoing development in passwordless authentication, allowing others to develop WebAuthn clients and authenticators. The post provides details on the various aspects of this library, its components, and its significance in the realm of secure authentication."
KEY QUOTES: "We’re actively developing the internal library powering passkey authentication, and now we’re open-sourcing it!"; "The
passkey v0.1.0
crate is an easy access crate that doesn’t implement anything itself. It re-exports the other crates as modules."; "We use Rust at the core of all our client applications, including the browser extension through WASM. Unfortunately, webauthn-rs uses OpenSSL as their cryptographic library, and the Rust wrapper doesn’t officially support WASM."; "The issue stems from the fact that the codegen for thepsl
crate creates a method for each item in that list. They’re marked with the #inline directive, but our best guess is that the compiler decided to ignore those."
- Passkeys.io - The passkey demo and info page by Hanko.io
- Hanko - Open authentication for the passkey era
- hanko/backend at main · teamhanko/hanko
- passkey - crates.io: Rust Package Registry
- Rust Passkeys: Add Passkeys to your Rust App
- Libraries - passkeys.dev
- webauthn_rs - Rust
- None