Lack of interest Support for Apple's Passkeys

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.
This suggestion has been closed. Votes are no longer accepted.
Hi,

I'm suggesting support for Apple's Passkeys.

Done. (Well it's an add-on anyway.)

Passkey is Apple's naming for security keys/WebAuthn/FIDO2. Existing iPhones/Macs already work with it, Apple is just extending it so the device itself isn't the only device that the private key lives on (they are basically doing what they already do, and then adding the ability to sync the private key across multiple devices via iCloud Keychain).

 
Done. (Well it's an add-on anyway.)

Passkey is Apple's naming for security keys/WebAuthn/FIDO2. Existing iPhones/Macs already work with it, Apple is just extending it so the device itself isn't the only device that the private key lives on (they are basically doing what they already do, and then adding the ability to sync the private key across multiple devices via iCloud Keychain).

Essentially like Authy/Bitwarden's paid plans support for 2FA?
 
No clue what that is, so not sure. If it’s security keys/FIDO2/WebAuthn, then sure.
Authy is what you can use for the push authentication on android at least, where you verify you're logging in via your phone.
Bitwarden's 10/yr plan has a way to embed 2FA into the password entries and auto copies the 2FA after pasting password.
 
If it’s a password manager, or a changing number generator, then no, that’s different. This uses public/private key cryptology at its core similar to how you keep cryptocurrency secure.
 
Done. (Well it's an add-on anyway.)

Passkey is Apple's naming for security keys/WebAuthn/FIDO2. Existing iPhones/Macs already work with it, Apple is just extending it so the device itself isn't the only device that the private key lives on (they are basically doing what they already do, and then adding the ability to sync the private key across multiple devices via iCloud Keychain).


Definitely going to take a look at your addon but I think the suggestion is valid. I think something like this should be out of the box, so it reaches as many communities as possible and thus as many users as possible.
 
Definitely going to take a look at your addon but I think the suggestion is valid. I think something like this should be out of the box, so it reaches as many communities as possible and thus as many users as possible.
Yep, agreed. There's a suggestion for it already here: https://xenforo.com/community/threa...using-web-authentication-api-webauthn.145757/

Also, there would need to be some fundamental changes to XenForo to use it as true password-less authentication system. For example, if you were to use it as a primary authentication system with how XenForo works now, it really doesn't save time for the user. Like if you are going for one-click and registered, you have the issue of the user not having a username or email address, which gets tricky with XenForo and how users have to have a username. The other option is making users then pick a username and enter an email... at which point they aren't really saving any time, because you are back to what they are already doing to register.

I touched a little on it here: https://xenforo.com/community/threa...thentication-api-webauthn.145757/post-1570924

It is a fantastic option for two-step verification though (and that fits well within XenForo's existing scheme).

It's also probably why the companies that support it for end users (not just internal employees), I have yet to see one that uses it for true password-less login/registration. It's always used as a two-step verification. More on that here: https://xenforo.com/community/threa...thentication-api-webauthn.145757/post-1571276

It would be tough to rework XenForo in a way where usernames and emails are optional for users to support a true password-less registration flow.
 
Back
Top Bottom