tpm-fido
virtual-fido
tpm-fido | virtual-fido | |
---|---|---|
8 | 15 | |
274 | 1,127 | Stars |
- | 1.2% | Growth |
2.4 | 6.2 | Activity |
10 months ago | 20 days ago | |
Go | C | Language |
MIT License | MIT License | License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
tpm-fido
- Tailscale doesn't want your password
- On-device WebAuthn and what makes it hard to do well
- Passkeys in Chrome
- WebAuthN and Fido for Linux
  I also found this: https://github.com/psanford/tpm-fido
  FIDO2 should be used more, hopefully more sites end up supporting it sooner rather than later.
- Bringing Modern Authentication APIs (FIDO2 WebAuthn, Passkeys) to Linux Desktop
- Uber Investigating Breach of Its Computer Systems
  If you have a Linux PC with a TPM, you can use https://github.com/psanford/tpm-fido to create and "plug in" a virtual USB WebAuthn key whose secret is irretrievably stored in the machine's TPM. This effectively asserts that your specific machine is being used to enter a given site. However, it's important to remember it doesn't necessarily verify that *you're* present, or even if *anyone* is present at all, since the presence check is done via a software dialog and can be pwned along with the rest of the system.
- WebAuthn, and Only WebAuthn
  There are a huge number of other vendors supporting Webauthn apart from Yubikey. (From the top of my head Nitrokey, Solo, Tomu, Mooltipass, Ledger, Trezor, Google Titan, OnlyKey, Token2).
  You could also use the system TPM (https://github.com/psanford/tpm-fido).
  A brief search didn't yield any FIDO2 software-only solutions for Linux, but I see no reason why in principle you couldn't implement it (perhaps interfacing https://github.com/google/OpenSK through hidg - similar projects do exist for U2F).
- How to bypass Sprint/T-Mobile 2FA in under 5 minutes
  I made a FIDO token (a platform authenticator) implementation that uses the TPM to protect your private keys on Linux: https://github.com/psanford/tpm-fido
virtual-fido
- Tailscale doesn't want your password
- Passkeys now support external providers
  > who the heck would carry a USB key with them??
  Why not? I do this. It's no different from any other physical key like a door key, and I keep it on the same keychain too...
  > The passkey is usable anywhere (signed up on my desktop, hopped over to my laptop and signed in there with the same passkey).
  I don't see how this conflicts with physical tokens like Yubikeys? The tokens help you "remember" the key like how a physical door key helps you "remember" the bitting (which is the real authentication info).
  Just like passkeys, U2F can also be done using a virtual U2F device if you so choose (https://github.com/bulwarkid/virtual-fido). And presumably you could create an off-device portable token to store passkeys...
  The real problem at the end of the day is just consistent adoption. There's still a ton of 2FA services that don't accept U2F and only use SMS or email codes...
- Google Introduces Passkey Authentication
  If this is FIDO2, then it seems these projects might be useful on Linux...
  https://github.com/bulwarkid/virtual-fido
  https://bulwark.id/
- Is there a linux equivalent to Windows Hello?
  Suggested solution: https://github.com/bulwarkid/virtual-fido
- On-device WebAuthn and what makes it hard to do well
- GitHub - bulwarkid/virtual-fido: A Virtual FIDO2 USB Device
- Mozilla claims Apple, Google and Microsoft force users to use default browsers
  You can use an open source virtual FIDO device instead of Apple's implementation:
  https://github.com/bulwarkid/virtual-fido/
- Hacker News top posts: Sep 18, 2022
  Show HN: A virtual Yubikey device for 2FA/WebAuthN (104 comments)
- Show HN: A virtual Yubikey device for 2FA/WebAuthN
What are some alternatives?
SoftU2F - Software U2F authenticator for macOS
pam-u2f - Pluggable Authentication Module (PAM) for U2F and FIDO2
OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
PIVert
keepassxc - KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
j40 - J40: Independent, self-contained JPEG XL decoder
certifi-system-store - certifi-system-store, a certifi hack to use system trust store on Linux and FreeBSD
SoftU2F-Win - Software U2F authenticator for Windows
truststore - Verify certificates using OS trust stores
trabucco - Can launch your 90kg applications for 300m (It's a launcher, like katapult, but better).