| | tpm-fido | keepassxc |
|---|---|---|
| | 8 | 513 |
| Stars | 274 | 19,312 |
| Growth | - | 2.6% |
| Activity | 2.4 | 8.9 |
| | 10 months ago | 3 days ago |
| Language | Go | C++ |
| License | MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
tpm-fido
- Tailscale doesn't want your password
- On-device WebAuthn and what makes it hard to do well
- Passkeys in Chrome
- WebAuthN and Fido for Linux
  I also found this: https://github.com/psanford/tpm-fido
  FIDO2 should be used more, hopefully more sites end up supporting it sooner rather than later.
- Bringing Modern Authentication APIs (FIDO2 WebAuthn, Passkeys) to Linux Desktop
- Uber Investigating Breach of Its Computer Systems
  If you have a Linux PC with a TPM, you can use https://github.com/psanford/tpm-fido to create and "plug in" a virtual USB WebAuthn key whose secret is irretrievably stored in the machine's TPM. This effectively asserts that your specific machine is being used to enter a given site. However, it's important to remember it doesn't necessarily verify that *you're* present, or even if *anyone* is present at all, since the presence check is done via a software dialog and can be pwned along with the rest of the system.
- WebAuthn, and Only WebAuthn
  There are a huge number of other vendors supporting Webauthn apart from Yubikey. (From the top of my head Nitrokey, Solo, Tomu, Mooltipass, Ledger, Trezor, Google Titan, OnlyKey, Token2).
  You could also use the system TPM (https://github.com/psanford/tpm-fido).
  A brief search didn't yield any FIDO2 software-only solutions for Linux, but I see no reason why in principle you couldn't implement it (perhaps interfacing https://github.com/google/OpenSK through hidg - similar projects do exist for U2F).
- How to bypass Sprint/T-Mobile 2FA in under 5 minutes
  I made a FIDO token (a platform authenticator) implementation that uses the TPM to protect your private keys on Linux: https://github.com/psanford/tpm-fido
keepassxc
- Passkey Implementation: Misconceptions, pitfalls and unknown unknowns
- KeePassXC Issue: [Passkeys] should never be exported in clear text
- Authy to sunset EOL end of March 19, 2024 (originally August 2024)
- I Stopped Using Passwords. It's Great–and a Total Mess
  KeepassXC supports exporting, but I don't think it is released in a stable version / to the public yet:
  https://github.com/keepassxreboot/keepassxc/pull/8825
- Ask HN: Best Password Manager without cloud login?
  If you use KeePass, make sure you use the KeePassXC variant. KeePass is dead.
  https://keepassxc.org/
- Do you trust password mangers?
  That's why you use the superior one, KeePassXC, as linked in the NIST link: https://github.com/keepassxreboot/keepassxc/discussions/9433
- What program(s) do you use to remember passwords, including crypto?
- Will Plasma 6 still keep X11 compatibility?
  Over there, they got pissed about people constantly bugging them about it and closed the bug with the last comment reading:
- Help a noob out, please.
  For the internet, use a password manager like keepassxc with a strong password.
- KDE Plasma 6.0 Is Enabling Wayland by Default
  Another regression is that KeePassX/C AutoType doesn't work with Wayland, so now instead of a simple CTRL+V in KeePassXC, I have to separately copy and paste the user and the pass.
  https://github.com/keepassxreboot/keepassxc/issues/2281
What are some alternatives?
virtual-fido - A Virtual FIDO2 USB Device
KeePassDX - Lightweight vault and password manager for Android, KeePassDX allows editing encrypted data in a single file in KeePass format and fill in the forms in a secure way.
SoftU2F - Software U2F authenticator for macOS
KeePass2.x - unofficial mirror of KeePass2.x source code
OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
certifi-system-store - certifi-system-store, a certifi hack to use system trust store on Linux and FreeBSD
Strongbox - A KeePass/Password Safe Client for iOS and OS X
SoftU2F-Win - Software U2F authenticator for Windows
MacPass - A native macOS KeePass client
truststore - Verify certificates using OS trust stores
Aegis - A free, secure and open source app for Android to manage your 2-step verification tokens.