Passkeys are an open standard. You need to install a Webauthn-compliant supplicant that talks to the browser. The supplicant can be anything, as long as it does the required protocol. The browser doesn’t care.
At the moment the browsers are the main problem. They need to open their APIs properly.
Not necessarily. I found out that bitwarden can generate a QR code that you just scan with your phone that allows your phone to act as a passkey, no browser support required. I was surprised when I discovered that. I had set up my phone as a passkey in Windows, and Windows can use phones as a passkey directly; on Linux that’s not supported so it just gave me a QR code that worked seamlessly. It’s not like a browser URL, but actually triggers the phone’s passkey authentication, kinda like QR codes for WiFi authentication. Pretty neat.
They work with companies to integrate TOTP into their system, but it’s a bastardized version of the open standard. You cannot use standard TOTP software with the Symantic integration.
They want you to use their proprietary app on your phone.
You can however, take symantics crazy code, go through a converter, and then use a standard TOTP app.
But this is a great example of enshitification of an open standard.
Passkeys are an open standard. You need to install a Webauthn-compliant supplicant that talks to the browser. The supplicant can be anything, as long as it does the required protocol. The browser doesn’t care.
At the moment the browsers are the main problem. They need to open their APIs properly.
TOTP is an open standard but look at how bad companies have fucked that up.
Not necessarily. I found out that bitwarden can generate a QR code that you just scan with your phone that allows your phone to act as a passkey, no browser support required. I was surprised when I discovered that. I had set up my phone as a passkey in Windows, and Windows can use phones as a passkey directly; on Linux that’s not supported so it just gave me a QR code that worked seamlessly. It’s not like a browser URL, but actually triggers the phone’s passkey authentication, kinda like QR codes for WiFi authentication. Pretty neat.
Counter example Symantics TOTP. https://vip.symantec.com/
They work with companies to integrate TOTP into their system, but it’s a bastardized version of the open standard. You cannot use standard TOTP software with the Symantic integration.
They want you to use their proprietary app on your phone.
You can however, take symantics crazy code, go through a converter, and then use a standard TOTP app.
But this is a great example of enshitification of an open standard.
Ah yes the classic MS “embrace and extend”