this post was submitted on 23 Aug 2025
38 points (97.5% liked)

Open Source

40231 readers
272 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 6 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml
38
VoidAuth Release v1.1.0 - Passkey-only Users ๐Ÿ”‘ (github.com)
submitted 5 days ago by notquitenothing@sh.itjust.works to c/opensource@lemmy.ml
9 comments fedilink hide all child comments
 

VoidAuth is a self-hosted Single Sign-On solution that aims to be easy to setup and use while feeling seamless to your users. Release v1.1.0 brings a few new features I have been working on and am excited about:

  • Passkey-only Users, the option on sign-up to use a passkey instead of a password.
  • Admin Notification Emails, so admins know when they have new tasks such as user registrations to approve.
  • Approval Emails for New Users, so new users awaiting approval know when they have been.
  • DEFAULT_REDIRECT back to your main page for invitations, logouts, etc.
  • and more!
you are viewing a single comment's thread
view the rest of the comments
[โ€“] vort3@lemmy.ml 10 points 5 days ago (8 children)

Sorry for being silly here, I've been kind of out of the loop with recent technology, what exactly is "passkeys"? I remember reading something when it was announcement, but all I saw was lots of buzzwords and vague "it's new and it's very good" claims.

Is it like, an alternative authorization method? Is it a second factor after I type my login/password, or does it replace passwords? What does it look like, from users perspective?

[โ€“] Penta@lemmy.world 7 points 5 days ago (6 children)

I replaces passwords with a cryptographic key. When you register at a website, you do not put in a password, instead it generates a key-pair, kinda like you would have with ssh auth. Usually to login you use biometrics, which will unlock the keys on your device. Advantage is that they are phishing resistant (the keys are bound to a specific domain), convenient and if the database of the website is leaked, it doesnt matter since they can only store your public key, which is worthless for authentication.

[โ€“] Flagstaff@programming.dev 2 points 5 days ago (3 children)

But passkeys so often call for your Windows login (for those on Windows); doesn't that only give more power to Microsoft?

[โ€“] hedgehog@ttrpg.network 4 points 4 days ago

You can store passkeys in (and use them from) a password manager instead of the OSโ€™s secret vault. I think most major password managers support this now - Bitwarden definitely does.

load more comments (2 replies)
load more comments (4 replies)
load more comments (5 replies)