I just got the update on my phone on Google play, Firefox now supports 3rd party password managers for passkeys (on android 14+). Just tried it, and I got prompted with my 3rd party password manager, so it works!
I just got the update on my phone on Google play, Firefox now supports 3rd party password managers for passkeys (on android 14+). Just tried it, and I got prompted with my 3rd party password manager, so it works!
I really like them as a more secure way of logging in, its basically what authentication should have been all along (and weve been doing it all along, with SSH keys!). Its about time we take that private/public key concept and apply it to user accounts
main issue for me is that i didn’t see any way to invalidate old passkeys. I tried them in a few websites like ebay but it looks like they are valid forever so if my device is compromised, the attacker has access to my account in perpetuity even if i change the password
You delete it from your account, that makes it invalid. Just like removing an entry from authorized_keys. If the site does this after changing the password or not is up to them.
deleted by creator