Passkey / FIDO2 support

I recently installed e/OS on my Pixel 4a and I’m impressed with the performance and app compatibility. The only thing missing is passkey / FIDO2 support, which is a bit puzzling regarding the security focus of e/OS.

I’m required by my company and several systems to save a passkey and cannot use the simple time-based authentication code.

Please add this feature in the future so I can leave Android behind and go full e/OS mode.

microG can do large parts of FIDO2 (as in U2F hardware key), passkeys were (better) specified in CTAP 2.1. For those discoverable credentials support seems around the corner, but the question of what stores + distributes the pkeys remains for the user / OS to provide (in the microg PR they’re put into screenlockcredentials.db, feels prototypish). I’d expect 1-2 more months of fleshing this out.

Independently you can use any implementation (and storage/distrib mechanism). Here’s a thread showing the use of Bitwarden, generating pkeys off-device. You could use this today: Update about passkeys on /e/OS 2.6

I tried Bitwarden and other 2FA apps while searching for a solution for this. Sadly it didn’t work at all.

(In that Bitwarden thread, creating the passkey off-device seems essential.)

If the corp portals offer WebAuthn fully, you could also use a hardware key?

Maybe, but for the time being all of this sounds like too much of a hassle. I’ll just use another android phone and hope that e/OS will offer a better solution in the near future.

In any case thanks for the links!

I’m using passkeys on my phone with /e/OS. I believe support for 3rd party passkey apps was added with Android 14.

What doesn’t work for you? I’m using /e/OS and Bitwarden for my passkeys without any issues…

The user wants to use passkeys (discoverable keys) out of the box, no Bitwarden mechanism.

Unreleased microg v3.10.0 will bring along more support for passkey selection.

How does it work?

Credential registrations will be put into the existing fido.db and it will delegate to a transport handler for generation or retrieval of resident keys per registration. Most will use the screenlock transport, putting keys into Android’s keystore (or StrongBox).

I don’t know if or how pw managers can hook into that for backup & sync. Something needs to back up the fido.db itself too. Comes at a later time?

It’s probably Christmas by the time this all lands in an /e/OS version.
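To make concrete why a discoverable (resident) credential needs an on-device store like the fido.db described above, here is an added Go model that is not microG’s or /e/OS’s code: the authenticator keeps resident keys per rpId and must find one by rpId alone, because a passkey sign-in sends no credential ID, and the relying party verifies the resulting signature. The type and function names, the simplified authenticatorData layout and the sample clientDataJSON are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Credential is one resident key: what a store like fido.db must persist (assumed layout).
type Credential struct {
	ID         []byte
	UserHandle []byte
	Priv       *ecdsa.PrivateKey // in practice lives in the keystore/StrongBox, not in the db
}

// Authenticator keeps resident keys keyed by relying-party ID.
type Authenticator struct{ store map[string][]*Credential }

func NewAuthenticator() *Authenticator { return &Authenticator{store: map[string][]*Credential{}} }

// MakeCredential registers a resident key for rpID; the RP keeps only the public key and ID.
func (a *Authenticator) MakeCredential(rpID string, userHandle []byte) (*ecdsa.PublicKey, []byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	id := make([]byte, 16)
	if _, err := rand.Read(id); err != nil {
		return nil, nil, err
	}
	a.store[rpID] = append(a.store[rpID], &Credential{ID: id, UserHandle: userHandle, Priv: priv})
	return &priv.PublicKey, id, nil
}

// GetAssertion handles a discoverable-credential request: only rpID and client data arrive,
// no allowList, so the authenticator must look the key up by rpID itself.
func (a *Authenticator) GetAssertion(rpID string, clientDataJSON []byte) (id, userHandle, sig []byte, err error) {
	creds := a.store[rpID]
	if len(creds) == 0 {
		return nil, nil, nil, fmt.Errorf("no resident credential for %q", rpID)
	}
	c := creds[0] // a real authenticator asks the user to pick when several match
	sig, err = ecdsa.SignASN1(rand.Reader, c.Priv, signedData(rpID, clientDataJSON))
	return c.ID, c.UserHandle, sig, err
}

// signedData mirrors what WebAuthn signs: authenticatorData (simplified here to
// SHA-256(rpID) || flags) followed by SHA-256(clientDataJSON), hashed for ECDSA.
func signedData(rpID string, clientDataJSON []byte) []byte {
	rpHash := sha256.Sum256([]byte(rpID))
	authData := append(rpHash[:], 0x05) // constructed flags byte: user present + verified
	cdHash := sha256.Sum256(clientDataJSON)
	h := sha256.Sum256(append(authData, cdHash[:]...))
	return h[:]
}

// VerifyAssertion is the relying-party check; a wrong rpID changes authData and fails.
func VerifyAssertion(pub *ecdsa.PublicKey, rpID string, clientDataJSON, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, signedData(rpID, clientDataJSON), sig)
}
```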