Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing… that lives on my phone? What if I lose my phone? What if you steal my phone?

  • Heavybell@lemmy.world (↑17 · 6 months ago)

    Until someone can explain to me how I can transfer, manage and control my passkeys without syncing them to some hostile corporation’s cloud infrastructure, passkeys will remain a super hard sell for me.

    • TreeGhost@lemm.ee (↑4 · 6 months ago)

      You can use Bitwarden to store passkeys. Not sure if the self-hosted solution has support for it yet though.

      • sailingbythelee@lemmy.world (↑4 · 6 months ago)

        I must admit that, despite reading about passkeys a bit, I still don’t understand the actual practicalities. I seem to recall that Bitwarden can store keys, but can’t generate them. If that’s true, who generates the passkey?

        • Spotlight7573@lemmy.world (↑4 · 6 months ago)

          Bitwarden can both generate and store them in the browser extension. It can also use them through the browser extension but it can’t yet use them through the mobile apps (they’re working on it).

          • Zeroc00l@sh.itjust.works (↑0 ↓1 · 6 months ago)

            Bitwarden pro right? ($10 for the year, totally worth it). My mobile app can create/use them already too.

            • Spotlight7573@lemmy.world (↑5 · 6 months ago)

              Don’t need the premium version of Bitwarden to use passkeys. The free version works.

              That said, $10 per year is not a big cost to support the company storing your vault and developing the apps.

      • subtext@lemmy.world (↑2 · 6 months ago)

        2024.1.2 released with self-hosted server passkey support.

        TBH though I would not trust myself to self host my keys to my digital life when the alternative is $40/year for the whole family. You may have a different perspective though.

      • TheOneCurly@lemm.ee (↑1 · 6 months ago)

        Vaultwarden does at least, I’ve been using it with passkeys for the last couple months and it’s been great.

    • Dem Bosain@midwest.social (↑2 · 6 months ago)

      I currently use Syncthing to keep my Keepass database updated on my phone, laptop, and home server. Any change anywhere is instantly sent directly to the other 2 devices.

        • fedroxx@lemmy.world (↑1 · 6 months ago)

          How’d you get nextcloud actually working? I’ve tried a few times and it was never stable.

          • Heavybell@lemmy.world (↑1 · 6 months ago)

            I use the ebuild on Gentoo, combined with some custom nginx config, and a dedicated php-fpm instance just for Nextcloud. Never tried using any of the Docker packages for it so I can’t comment on those.

            Updates involve merging the new package and running webapp-config to link the files into place, running occ upgrade, and refreshing ownership of the php files. Never had a serious problem with it.

      • drengbarazi@lemmy.world (↑1 · 6 months ago)

        this is the way

        you can even tweak folders to either send or receive only on some devices

        plus if you really want to be safe you can set file versioning and ignore deletes on a folder to make it strictly backup on more than one device

        no internet connection required, you can set it all on lan

        I think it is my favorite open-source project after Torvalds’ creations

    • johannesvanderwhales@lemmy.world (↑1 · edited · 6 months ago)

      You can create passkeys on individual devices without cloud syncing them. This is a normal usage pattern. How exactly this will be handled depends on the implementation.

    • Flying_Hellfish@lemmy.world (↑0 · edited · 6 months ago)

      Depends on where the line is as far as evil goes. Most of the popular password managers are now starting to support storing passkeys.

          • Heavybell@lemmy.world (↑0 · 6 months ago)

            I have been super hesitant to look into KeePassXC, should I give it a chance?

            Of course, unless I can also access these features on my phone it doesn’t really matter…

            • Flumpkin@slrpnk.net (↑1 · 6 months ago)

              I recently switched to KeePassXC and it looks nicer and is easier to use. They also include some addon functionality in the app so you don’t need to trust that. The only downside is that it doesn’t automatically fill the browser text fields, you have to click on a green icon in the text field - but that is more secure. They also have an android app.