-
krypton-ios
Discontinued DEPRECATED Krypton turns your iOS device into a WebAuthn/U2F Authenticator: strong, unphishable 2FA.
Here's the announcement on the website of the FIDO alliance: https://fidoalliance.org/apple-google-and-microsoft-commit-t...
I hope this cross device system will be cross platform, but I wouldn't be surprised if you could only choose between macOS/iOS, Chrome/Chrome, or Edge/Edge sync.
Funnily enough, a system for signing web authentication requests from a mobile device is far from new: I've been using https://krypt.co/ for years (though it's on the long road of sunsetting right now) and I hope that will last long enough for the new cross device standard to replace it.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
-
OpenSK
OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
-
At least the WebAuthN standard seems to be moving in a different direction [1].
In a nutshell, it will be possible for relying parties (i.e. websites) to detect multi-device/backup capable authenticators if required, but disabling multi-device functionality would require a very explicit opt-out, not an opt-in, on the relying party's side.
[1] https://github.com/w3c/webauthn/issues/1714
-
This is huge! It sounds like they're _finally_ going implement cross-device synced credentials; a move I've been advocating for now for the last two and a half years[1].
Widespread support for this feature is, in my opinion, the last thing needed to make WebAuthn viable as a complete replacement for passwords on the web.
The white paper is here: https://media.fidoalliance.org/wp-content/uploads/2022/03/Ho... Seems like they announced this back in March and I missed it somehow.
[1]: https://hn.algolia.com/?query=ajedi32%20webauthn&type=commen...
-
I absolutely agree that this is a thing that needs to be solved. I cobbled together my own solution using undocumented bits of the Solo firmware[1], but that's not nearly usable enough for average users.
But here's the problem: outside of the hype bubbles, cryptocurrency stuff does not have a good reputation. If the only thing that supports this markets itself as a cryptocurrency wallet, that is going to hurt adoption. People generally do not buy devices in which they actively do not want the main feature.
(I did remind myself of DiceKeys[2] while looking through my notes to find [1], but that has its own problems, such as "oh god what are you doing why does this involve OCRing a photograph of dice on my phone".)
[1] https://github.com/solokeys/solo1/blob/4.1.5/fido2/ctaphid.c...
[2] https://dicekeys.com/
-
kr
Discontinued DEPRECATED A dev tool for SSH auth + Git commit/tag signing using a key stored in Krypton.
> relaying auth requests to your phone for approval and storing secrets in the Secure Enclave
Like https://github.com/kryptco/kr [key stored in a [...] mobile app]?
Also, newer Macs have a Secure Enclave (supports 256-bit secp256r1 ECC keys):
https://github.com/maxgoedjen/secretive [storing and managing SSH keys in the Secure Enclave [...] or a Smart Card (such as a YubiKey)]
https://github.com/sekey/sekey [Use Touch ID / Secure Enclave for SSH Authentication!]
-
> relaying auth requests to your phone for approval and storing secrets in the Secure Enclave
Like https://github.com/kryptco/kr [key stored in a [...] mobile app]?
Also, newer Macs have a Secure Enclave (supports 256-bit secp256r1 ECC keys):
https://github.com/maxgoedjen/secretive [storing and managing SSH keys in the Secure Enclave [...] or a Smart Card (such as a YubiKey)]
https://github.com/sekey/sekey [Use Touch ID / Secure Enclave for SSH Authentication!]
-
> relaying auth requests to your phone for approval and storing secrets in the Secure Enclave
Like https://github.com/kryptco/kr [key stored in a [...] mobile app]?
Also, newer Macs have a Secure Enclave (supports 256-bit secp256r1 ECC keys):
https://github.com/maxgoedjen/secretive [storing and managing SSH keys in the Secure Enclave [...] or a Smart Card (such as a YubiKey)]
https://github.com/sekey/sekey [Use Touch ID / Secure Enclave for SSH Authentication!]