Passkeys and Modern Authentication

Show context

alphazard ◴[02 Sep 25 17:11 UTC] No.45105959[source]▶

Unfortunately the tech community is full of people who pride themselves on being aware of and advocating for the latest standard put out by whatever company. That's how we end up with lots of complicated nonsense like most of what is sent in HTTP headers, or the contents of a TLS certificate.

On the topic of authentication, it's solved. SSH nailed it, any further complexity is strictly worse. Signing up is uploading a public key. Signing in is cryptographically signing a commitment to the current ephemeral tunnel.

replies(10): >>45106121 #>>45106140 #>>45106170 #>>45106176 #>>45106183 #>>45106261 #>>45106406 #>>45106911 #>>45107421 #>>45107745 #

01HNNWZ0MV43FF ◴[02 Sep 25 17:28 UTC] No.45106261[source]▶

>>45105959 #

> Signing up is uploading a public key. Signing in is cryptographically signing a commitment to the current ephemeral tunnel.

How do I sign in from multiple computers?

replies(2): >>45106320 #>>45106359 #

karmarepellent ◴[02 Sep 25 17:32 UTC] No.45106320[source]▶

>>45106261 #

A service that lets you sign up by uploading a SSH public key could just as well let you upload multiple public keys in your profile to be able to connect from other devices.

replies(1): >>45106390 #

tadfisher ◴[02 Sep 25 17:37 UTC] No.45106390[source]▶

>>45106320 #

Amazing, just like passkeys!

replies(2): >>45106466 #>>45109429 #

karmarepellent ◴[02 Sep 25 17:41 UTC] No.45106466[source]▶

>>45106390 #

The sarcasm is duly noted. But I simply answered the question. I don't have any strong opinion regarding passkeys.

replies(1): >>45107913 #