this post was submitted on 17 Sep 2025
1008 points (99.2% liked)

Programmer Humor

[–] enumerator4829@sh.itjust.works 2 points 1 day ago (1 children)

By convention. See for example: https://github.com/keepassxreboot/keepassxc/issues/10407

We’ve had certificate authentication (backed by hardware) for ages. We could fix the UX there and be done with it, but nooooo, we are reinventing everything again. (Tangentially related: JWT, OIDC and SAML are basically Kerberos with extra steps.)

[–] rumba@lemmy.zip 1 points 1 day ago (1 children)

I've been using certificate-based auth on HTTPS for ages on my ops stuff. Most devices support just slapping an SSL/TLS key into their OS, but not everything.

But when I wanted to use it for Jellyfin, I found TVs and sticks aren't all straightforward.

In your link, they closed that ticket as not planned because they intend to implement FIDO's secure exchange protocols. https://github.com/keepassxreboot/keepassxc/issues/11363

It should (hopefully) be secure when they get done.

I mean, the passkey is still in there. It’s protected by convention. It’s a bearer token wrapped in a password manager, presented as a revolution.

We have the technology, can we please pour the same amount of resources into what we’ve already had for decades? Passkeys solve the UX issue for “normal people”, that’s the selling point.