Questions tagged [webauthn]

1 vote
1 answer
116 views

I have been thinking about backing up passkeys, I asked a previous question about backing up individual private keys. This procedure requires one to create the backup after creating the account. ...
User65535
  • 447
2 votes
1 answer
344 views

Every WebAuthn implementation I've seen stores the session data server side, but that just seems pointless to me, since what seems to be essentially all the same data is already sent to the client in ...
Aidan
  • 145
2 votes
1 answer
341 views

In exploring the use of passkeys I have used KeePassXC. I followed their instructions to create a paper backup and did not get any private data about the passkey. There is available an entry called ...
User65535
  • 447
4 votes
2 answers
353 views

There is a topic I have been going back and forth with for some time. Here is the premise: we need to create a mobile app for a highly regulated industry the app should leverage oAuth2 for obtaining ...
user336510
1 vote
1 answer
153 views

The Register has an article on Passkeys, and one of the issues they use to argue that they are unlikely to be widely adopted is: The process is bootstrapped by getting the user to authenticate using ...
User65535
  • 447
1 vote
1 answer
124 views

In a previous question I asked about simple login systems, and WebAuthn was the answer. From a brief read of the web pages I THINK it is possible to create a standalone GPL implementation of Passkeys ...
User65535
  • 447
1 vote
1 answer
139 views

Currently I am working on implementing/supporting WebAuthN in my service (JAVA). I have a Control Plane which handles the registration ceremony and Data Plane that handles the authentication ceremony. ...
John Doe
0 votes
1 answer
256 views

Security Noob here. I am trying to build a secure passwordless login mechanism for my webservice. The authentication mechanisms My idea is to encourage the users to use the following two login methods:...
2f8n
  • 1
2 votes
1 answer
193 views

I want to implement passkey support as a full replacement for passwords but I have some server-side state that still needs to be encrypted to a specific user in a way that can not be decrypted or ...
mcrute
  • 123
-1 votes
1 answer
205 views

Does anyone know what kind of keys are being generated when you make a Fido2/Webauthn passkey? rsa2048, rsa4096, Ed25519, or something else? Just worried if it's rsa2048 it might soon be crackable, at ...
Mohamed Hafez
8 votes
2 answers
3k views

Since I use 1Password to store my passkeys along with emails and passwords, it appears to be that passkeys are not as secure as using the email and password with U2F flow that I currently use on many ...
Eduardo Bautista
0 votes
0 answers
143 views

I am building a pure client-side app. My users have a .kdbx vault stored in localStorage, and they can open it with a password. In order to add a biometric\quick open feature into the app I thought ...
Wazime
  • 101
0 votes
2 answers
289 views

I'm not entirely convinced of the importance of verifying the authenticator attestation, and I've asked a question about it, I'm open to it, and if you want, you can post an answer at that question, ...
DannyNiu
  • 402
0 votes
1 answer
114 views

Previously some good fellow explained the importance of verifying the public key created and offered by authenticators. As before, given the complexity of a FULL implementation of RP operation, I ...
DannyNiu
  • 402
2 votes
1 answer
262 views

Is PSD2's Strong Customer Authentication requirement possible to satisfy with secure 2FA solutions, such as TOTP and WebAuthn? For the purposes of this question, I'm classifying all systems where an ...
Michael Altfield