Hacker News new | past | comments | ask | show | jobs | submit login

I hope there’s a FOSS way to manage my FIDO2 login tokens.

As long as there’s a command-line app that I can use instead of my phone (which I will never do), I’m good with this!

I’d be willing to help develop such an app.




There are a number of FOSS solutions.

- https://github.com/google/OpenSK <- DIY solution

- https://solokeys.com/

- https://www.nitrokey.com/

The issue with any FOSS solution is that FIDO requires an attestation private key, which must be shared between a batch of at least 100,000 security keys. Using a DIY or cli app solution (application running on the host) will likely mean you'll be generating that private key yourself, this makes you identifiable across registrations.

Some sites (Cloudflare) may reject the use of attestation keys which are not found on the Fido Alliance Metadata Service. This precludes the use of any DIY solution.

https://fidoalliance.org/metadata/

https://support.cloudflare.com/hc/en-us/articles/44068890480...


That's so dirty. Of course the centralized control is hidden in the details. Thanks for pointing that out.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: