I just got the update on my phone on Google play, Firefox now supports 3rd party password managers for passkeys (on android 14+). Just tried it, and I got prompted with my 3rd party password manager, so it works!

  • @astro_ray@lemdro.id
    link
    fedilink
    English
    65 months ago

    Pass keys has so many issues that they still haven’t figured out. Unless it attains a bit of maturity I will not use it.

    • Pasta DentalOP
      link
      fedilink
      125 months ago

      I really like them as a more secure way of logging in, its basically what authentication should have been all along (and weve been doing it all along, with SSH keys!). Its about time we take that private/public key concept and apply it to user accounts

      • @Moonrise2473@feddit.it
        link
        fedilink
        55 months ago

        main issue for me is that i didn’t see any way to invalidate old passkeys. I tried them in a few websites like ebay but it looks like they are valid forever so if my device is compromised, the attacker has access to my account in perpetuity even if i change the password

        • @Bitrot
          link
          English
          105 months ago

          You delete it from your account, that makes it invalid. Just like removing an entry from authorized_keys. If the site does this after changing the password or not is up to them.

          • @Moonrise2473@feddit.it
            link
            fedilink
            15 months ago

            I mean, suppose that i save a passkey in my password manager, then because of my bad opsec someone else gets hold of it - if I delete it from my account, the attacker still has a copy and I have no way to invalidate it

            I checked again on eBay, there’s no “list of passkeys” even if I created 4 of them (one for each browser on each of my computer + one synced via password manager)

            • @Bitrot
              link
              English
              65 months ago

              eBay has implemented their passkey support poorly. “Turn off” will invalidate them. Most sites have a list of passkeys and you just delete the one you don’t want working anymore. At that point it doesn’t matter who has it, it’s useless.

  • Otter
    link
    fedilink
    English
    35 months ago

    Which version of the app is this? I assume the update isn’t available in my region yet or something

      • Otter
        link
        fedilink
        English
        15 months ago

        Odd, I’m probably looking in the wrong place. I’ll look into it more, thanks :)