138
Firefox on Android now supports Passkeys with 3rd-party password manager integration! (sh.itjust.works)
submitted 2 years ago* (last edited 2 years ago) by independantiste@sh.itjust.works to c/firefox@lemmy.ml
13 comments fedilink hide all child comments

I just got the update on my phone on Google play, Firefox now supports 3rd party password managers for passkeys (on android 14+). Just tried it, and I got prompted with my 3rd party password manager, so it works!

all 15 comments
sorted by: hot top controversial new old
[-] maniel@sopuli.xyz 11 points 2 years ago* (last edited 2 years ago)

Got this update but it doesn't seem to work for me with bitwarden, what password manager do you use?

[-] ChiefGhost295@lemmy.one 3 points 2 years ago

There seems to be a specific problem with registering passkeys, but logging in should work fine if you have already registered a passkey for a site. Not sure if this is the case with all password managers, or just Bitwarden.

[-] independantiste@sh.itjust.works 2 points 2 years ago

Proton Pass

[-] astro_ray@lemdro.id 6 points 2 years ago

Pass keys has so many issues that they still haven't figured out. Unless it attains a bit of maturity I will not use it.

[-] independantiste@sh.itjust.works 12 points 2 years ago

I really like them as a more secure way of logging in, its basically what authentication should have been all along (and weve been doing it all along, with SSH keys!). Its about time we take that private/public key concept and apply it to user accounts

[-] Moonrise2473@feddit.it 5 points 2 years ago

main issue for me is that i didn't see any way to invalidate old passkeys. I tried them in a few websites like ebay but it looks like they are valid forever so if my device is compromised, the attacker has access to my account in perpetuity even if i change the password

[-] Bitrot@lemmy.sdf.org 10 points 2 years ago

You delete it from your account, that makes it invalid. Just like removing an entry from authorized_keys. If the site does this after changing the password or not is up to them.

[-] Moonrise2473@feddit.it 1 points 2 years ago

I mean, suppose that i save a passkey in my password manager, then because of my bad opsec someone else gets hold of it - if I delete it from my account, the attacker still has a copy and I have no way to invalidate it

I checked again on eBay, there's no "list of passkeys" even if I created 4 of them (one for each browser on each of my computer + one synced via password manager)

[-] Bitrot@lemmy.sdf.org 6 points 2 years ago

eBay has implemented their passkey support poorly. “Turn off” will invalidate them. Most sites have a list of passkeys and you just delete the one you don’t want working anymore. At that point it doesn’t matter who has it, it’s useless.

[-] otter@lemmy.ca 3 points 2 years ago

Which version of the app is this? I assume the update isn't available in my region yet or something

[-] independantiste@sh.itjust.works 4 points 2 years ago* (last edited 2 years ago)

128.0.1, in Canada, you also need android 14+

[-] otter@lemmy.ca 1 points 2 years ago

Odd, I'm probably looking in the wrong place. I'll look into it more, thanks :)

[-] lud@lemm.ee 2 points 2 years ago

Release notes: https://www.mozilla.org/en-US/firefox/android/128.0/releasenotes/

this post was submitted on 20 Jul 2024
138 points (97.3% liked)

Firefox

22664 readers
32 users here now

/c/firefox

A place to discuss the news and latest developments on the open-source browser Firefox.

Rules

1. Adhere to the instance rules

2. Be kind to one another

3. Communicate in a civil manner

Reporting

If you would like to bring an issue to the moderators attention, please use the "Create Report" feature on the offending comment or post and it will be reviewed as time allows.

founded 6 years ago
MODERATORS
k_o_t@lemmy.ml
golden_zealot@lemmy.ml