John
@treats.now
Could you live a daydream through a computer? https://treats.now
I did not know about this! (I generally use Firefox.) Looks great - I'll definitely keep this in mind for credential management.

FWIW I assume users like me who prefer hardware tokens are probably in the minority, but credential discoverability in general seems like a complex problem to tackle.
October 3, 2025 at 7:36 PM
Listing YubiKey passkeys on Linux requires running ykman in a terminal and entering my PIN. Deleting a credential requires running ykman, entering the credential ID, entering my PIN again, and then confirming I want to delete the key. Discovery is easy for the client; less so for the user.
October 3, 2025 at 7:05 PM
Varying layers of desktop/mobile/password manager/hardware support can make it hard to know "where" a passkey is in a way that memorizing a password does not. Also, hardware keys may have smallish limits on passkey storage that aren't readily visible. YubiKeys come to mind in the latter case. (cont)
October 3, 2025 at 6:59 PM
Definitely. I would use off-the-shelf libraries if I was doing this for a production project; for personal things though I like to dig in and really see how things work. Having example code, diagrams, and clear algorithms available were all a huge help. Plus, passkeys are just fun to tinker with.
October 3, 2025 at 6:46 PM
I think the most valuable part of this exercise was really in getting to know the Web API ecosystem and modern HTML/JS a little better. I'm sure for many Web applications you can't really just use only new and fancy APIs, but since WebAuthn itself is new it means you necessarily do have to use them.
October 2, 2025 at 3:54 PM
For context: I'm looking to sign JWTs using a PKCS#11 token for a personal project. cryptoki works for the PKCS#11 side of things. (Also, it's probably more correct to say that I'm looking for a JOSE crate.)
September 14, 2025 at 11:32 PM