I recently installed e/OS on my Pixel 4a and I’m impressed with the performance and app compability. The only thing missing is passkey / FIDO2 support, which is a bit puzzling regarding the security focus of e/OS.
I’m required by my company and several systems to safe a passkey and cannot use the simple time-based authentification code.
Please add this feature in the future so I can leave android behind and go full e/OS mode.
microG can do large parts of FIDO2 (as in U2F hardware key), passkeys were (better) specified in CTAP 2.1. For those discoverable credentials support seems around the corner, but the question of what stores + distributes the pkeys remains for the user / OS to provide (in the microg PR they’re put into screenlockcredentials.db, feels prototypish). I’d expect 1-2 more months of fleshing this out.
Independently you can use any implementation (and storage/distrib mechanism). Here’s a thread showing the use of bitwarden, generating pkeys off-device. You could use this today: Update about passkeys on /e/OS 2.6
I tried Bitwarden and other 2FA apps while searching for a solution for this. Sadly it didn’t work at all.
(in that bitwarden thread, creating the passkey off-device seems essential)
if the corp portals offer webauthn fully - you could also use a hardware key?
Maybe, but for the time being all of this sounds like too much of a hassle. I’ll just use another android phone and hope that e/OS will offer a better solution in the near future.
In any case thanks for the links!