Thread: FIDO2 Passwordless WebAuthn Linux support ?

  1. #1
    Join Date
    May 2010
    Beans
    34
    Distro
    Xubuntu

    Question FIDO2 Passwordless WebAuthn Linux support ?

    I've tested a few FIDO2 authenticators with Ubuntu (Xubuntu 18.04 to be exact) and I couldn't get passwordless authentication to work with Firefox. This isn't in the official Ubuntu support forum, because I think this is a much more generic issue.

    Does anyone know if there's a project to add FIDO2 passwordless support to Linux? With Windows it seems that the passwordless authentication is handled by the Operating System prompt window, but normal U2F is handled by Firefox.

    I do find several posts (forums, blogs, articles) about Linux needing FIDO2 support, but I couldn't find any information on whether it's already being developed.

    - Thank you

    My test posts: [ SoloKeys & FIDO2 & U2F with Linux / Ubuntu in general & eWBM L2 ]

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: FIDO2 Passwordless WebAuthn Linux support ?

    I am clueless, but not using passwords violates the entire idea of 2FA, doesn't it?

    https://www.linuxjournal.com/content...tion-yubikey-5

    Linux isn't Windows, as you know.

  3. #3
    Join Date
    May 2010
    Beans
    34
    Distro
    Xubuntu

    Re: FIDO2 Passwordless WebAuthn Linux support ?

    Violate 2FA / MFA? No, it's 2FA. With SoloKeys and most Level 1 FIDO2 authenticators, you'll be using a PIN to unlock the private key stored in the HSM = 2FA. And with Level 2, like the eWBM Biometric Goldenkey equipped with a fingerprint reader, you'll use a fingerprint to unlock the private key stored in the HSM.

    In both cases even if it's passwordless, it's still a 2FA authentication using two factors.

    Sure, I know Linux isn't Windows. But having FIDO2 authentication work would be great. This is one of the standards which I personally happen to really like, because it solves so many classic problems of authentication.

    I've had so many long discussions about these questions, approaching the problem from different aspects. Some would prefer the standard system key manager to support the features required for WebAuthn and so on. The fact is that nothing prevents doing a software implementation, and there's also support for native HSM modules like TPM and Android Keystore, etc.

    I'm quite sure someone will come up with a PAM module for Linux login. But it still doesn't fix the inherent lack of support for FIDO2.
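
The distinction argued in post #3 (touching the key alone versus unlocking it with a PIN or fingerprint) is visible to a relying party in the WebAuthn authenticator data, which carries a UP (user present) and a UV (user verified) flag. The following is an added example, not part of the thread: the function names, the `example.org` RP ID and the sample bytes are constructed, and signature verification is assumed to be done elsewhere.

```python
import hashlib
import struct

# Bits of the flags byte in WebAuthn authenticatorData
FLAG_UP = 0x01  # user present: the authenticator was touched
FLAG_UV = 0x04  # user verified: PIN or biometric unlocked the key

def parse_authenticator_data(data: bytes) -> dict:
    """Split the fixed header: rpIdHash (32) | flags (1) | signCount (4, big-endian)."""
    if len(data) < 37:
        raise ValueError("authenticatorData must be at least 37 bytes")
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", data[:37])
    return {
        "rp_id_hash": rp_id_hash,
        "up": bool(flags & FLAG_UP),
        "uv": bool(flags & FLAG_UV),
        "sign_count": sign_count,
    }

def check_assertion_policy(data: bytes, rp_id: str, passwordless: bool):
    """Return (accepted, reason). Hypothetical relying-party policy check."""
    parsed = parse_authenticator_data(data)
    if parsed["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash does not match this relying party"
    if not parsed["up"]:
        return False, "user presence flag not set"
    if passwordless and not parsed["uv"]:
        # Without UV the assertion proves possession of the key only.
        return False, "passwordless login requires user verification (UV)"
    if parsed["uv"]:
        return True, "possession + PIN/biometric (two factors)"
    return True, "possession only (second factor after a password)"

def build_sample(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Construct sample authenticatorData for the demonstration below."""
    return (hashlib.sha256(rp_id.encode()).digest()
            + bytes([flags]) + struct.pack(">I", sign_count))

if __name__ == "__main__":
    samples = {
        "touch + PIN": build_sample("example.org", FLAG_UP | FLAG_UV, 7),
        "touch only": build_sample("example.org", FLAG_UP, 8),
    }
    for name, data in samples.items():
        print(name, check_assertion_policy(data, "example.org", passwordless=True))
```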
