Help Wanted: Test Passkey Authentication

I’m finalizing the admin interface for the modular (“new”) Armadietto. Please surf to the beta-test server and request an invite. When the invite arrives (they have to be sent manually at this point), please redeem it, then have at least one RS app connect to the server.

The modular server uses passkey authentication only, so there are no passwords. Unfortunately, the RS protocol doesn’t allow us to eliminate usernames as well. :frowning: Testing using Windows and hardware security keys would be especially helpful.

E-mail is not very secure, so a variety of protocols are supported. If you request an invite for anything other than Signal, FaceTime, Skype, e-mail or SMS, I’ll need another way to send you the invite. Eventually, the list of protocols will be customizable.

1 Like

I’m not sure that’s the best way forward. See e.g. Firstyear's blog-a-log for a rundown of issues with passkeys. I’ve also played around with them myself, and it was a rather bumpy ride indeed.

Passwords are well understood, simple, and people can decide for themselves how to secure them, sync them, and back them up. Forcing people to use a new protocol with lots of issues, which older OSs, browsers, and devices don’t even support, seems like a step backwards, not forwards.

I think Passkeys should be optional anywhere they are offered. Or at least it should be configurable for people self-hosting their own server.

Edit: invitation requested…