If this gets implemented it will be the first step in showing that passkeys are a viable alternative to passwords in a meaningful way.

That is, there is no vendor lock in to multinational corps only interested in their bottom line and selling your data. They aren't tied to a device that can be lost, stolen or broken, or requiring you to have multiple devices just in case; and not tied to biometrics.

Lastly this means there is a proper open source, offline version that is portable across devices, browsers, and ecosystems. Putting the user back in control.

wkat4242

Absolutely, this is the one reason I'm not interested in passkeys yet. I want to fully own my authentication keys myself. Not trusting Google or Microsoft for that.

I hope it comes to zx2c4 pass too <3

cyphar

I don't understand which part of FIDO/WebAuthn requires "trusting Google or Microsoft"?

speed_spread

The part where they are the sole implementors of the spec.

vladvasiliu

What do you mean? I run Keycloak for my home lab authentication needs and can use my YubiKey as a Webauthn factor from Firefox running on my Linux PC.

The only part where MS comes into the picture is the "Microsoft Windows" sticker on the bottom of the laptop, since HP shipped windows pre-installed.

eulers_secret

Even forcing people to buy yubikeys is an antipattern.

We shouldn’t be forced to spend money at any company. Where are the Free (beer and Libre) methods??

vladvasiliu

There was a kinda-free option (as in you had to have an iPhone, but the app itself was free). Krypt.co had this based on the iphone's secure enclave. It was bought by Akamai, and it's not clear what state it's in.

https://krypt.co/

I think there was also an implementation for mac os based on the t1/t2 chip, but since I've never had such a mac, I've never looked properly into that. But that probably means that you could roll your own.

A quick google search yields this for Linux with a TPM: https://github.com/psanford/tpm-fido