Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Chrome Privacy Security

Passkey Support Rolls Out To Chrome Stable (arstechnica.com) 19

An anonymous reader quotes a report from Ars Technica: Following Google's beta rollout of the feature in October, passkeys are now hitting Chrome stable M108. "Passkey" is built on industry standards and backed by all the big platform vendors -- Google, Apple, Microsoft -- along with the FIDO Alliance. Google's latest blog says: "With the latest version of Chrome, we're enabling passkeys on Windows 11, macOS, and Android." The Google Password Manager on Android is ready to sync all your passkeys to the cloud, and if you can meet all the hardware requirements and find a supporting service, you can now sign-in to something with a passkey. [...]

Now that this is actually up and running on Chrome 108 and a supported OS, you should be able to see the passkey screen under the "autofill" section of the Chrome settings (or try pasting chrome://settings/passkeys into the address bar). Next up we'll need more websites and services to actually support using a passkey instead of a password to sign in. Google Account support would be a good first step -- right now you can use a passkey for two-factor authentication with Google, but you can't replace your password yet. Everyone's go-to example of passkeys is the passkeys.io demo site, which we have a walkthrough of here.

This discussion has been archived. No new comments can be posted.

Passkey Support Rolls Out To Chrome Stable

Comments Filter:
  • by cowwoc2001 ( 976892 ) on Friday December 09, 2022 @08:11PM (#63118256)

    I'd rather use password managers over biometrics for privacy reasons.

    • You don't have to use biometrics. heck, you don't even need to use a phone. It's just that most people would be using a phone for as a FIDO2WebAuthn device and most people yes would be using biometrics for locking their phone. But you don't have to. Never mind that biometrics is local on both iOS and Android, this is a completely parallel discussion that has nothing to do with the subject.

  • Certified Fido2 keys can't be cloned, you have to register separate keys. Now passkeys are held in escrow through a third party they suddenly can be cloned/synced?

    Fuck you very much Fido alliance.

    • by Anonymous Coward

      No the fido2 keys can't be synced. Each device has their own unique keys.
      Only the keys to sign them are stored online so that sites authenticating you know your dozens or hundreds of unique keys are the same identity.

      The only reason this doesn't work well now is that most sites won't let you upload multiple keys.
      That and no one wants to generate one key per device per site per identity and manually keep track of which ones go to what and where.

      Now if your computer has a thousand keys, your phone can auto g

      • It's all webauthn, nothing changed in that respect.

        When you sync to iCloud you are cloning the virtual Fido2 key stored in Apple's secure domain, that's why it suddenly works ... cloning was necessary all along.

  • "Passkey" is built on industry standards and backed by all the big platform vendors -- Google, Apple, Microsoft -- along with the FIDO Alliance.

    Ever more lock in and tracking soon to be required by all the big players, designed to further break a private internet built on open standards where anyone could succeed.

    • by itsme1234 ( 199680 ) on Saturday December 10, 2022 @02:08AM (#63118670)

      What are you talking about? You can build everything on open source from small players, you have even the option to buy such hardware keys. Even plain old "open standard" e-mail is by now way, WAY more locked-in (or "broken" if you "DIY" it).

      The issue is in reverse, that only these large players actually use it at all. And only the "main" players get it right, the ones with big businesses in IT, like Google, Microsoft/github, Cloudflare accounts. Others like Paypal/Ebay are a complete shitfest, you can't remove less secure ways to access your account - which is for the best anyway as WebAuthn support is half-assed, being able to just add one key and it doesn't work more than half of the time. The vast majority of banks never heard of this and I understand it isn't even meeting the PSD2 requirements to be used in the EU (but plain clear text, possibly over the air, SMSes and all kinds of weird apps apparently do!).

  • Sync all your passkeys to the cloud .. gowan gowan gowan [youtu.be] /s
  • On Apple Firefox will never get in the app store, ChromeOS doesn't even have an app store any more. So no native access to the keychains, only through cross device authentication with a mobile which sucks. That leaves only Windows where they could conceivably get access to Windows Hello, but that's the weakest keychain because Microsoft no longer has their own mobile.

    Passkeys are an additional huge force for anti-competitive ecosystem lock-in. Consumer electronic ecosystems are the greatest monopoly in hist

    • by tlhIngan ( 30335 )

      On Apple Firefox will never get in the app store,

      It's already there...
      https://www.mozilla.org/en-CA/... [mozilla.org]

      A browser is more than a rendering engine. The rendering engine takes the HTML and lays it out on a page. The Javascript engine takes the javascript and uses it to manipulate the DOM. But there is more to a web browser than that - password managers, bookmark managers, extension managers, etc, are all elements that make up a browser, and there are enough hooks in WebKit to do all those things to keep integ

    • The issue that you can't install this (or any) app on this or that OS doesn't have anything to do with this otherwise perfectly fine (albeit not that widespread both in supported client and server/services) authentication standard.

      "huge force for anti-competitive ecosystem lock-in", what the heck you can use the same standard on Linux with (you distro standard, without any plugins or compile options or anything) openssh and if you prefer with open source hardware keys.

      Also, in reverse, nobody is forcing any

      • A force doesn't have to be unresistable to be a force. Passkeys will push even more people to stay entirely inside ecosystem simply out of convenience.

        I can resist that force, but I'm a crotchety old man fighting windmills who inconveniences himself out of spite. I'm not the sea of normies which actually make up most of the consumer base who will just follow the force and stay even more inside ecosystem.

        Regulators will have to step in and force cross ecosystem syncing of passkeys, but they will probably be

      • PS. passkeys are the first password alternative which actually has good usability, as long as you stay inside a single ecosystem. It will have vastly greater uptake than all the trash in the past.

Genius is ten percent inspiration and fifty percent capital gains.

Working...