138
submitted 3 months ago* (last edited 3 months ago) by independantiste@sh.itjust.works to c/firefox@lemmy.ml

I just got the update on my phone on Google play, Firefox now supports 3rd party password managers for passkeys (on android 14+). Just tried it, and I got prompted with my 3rd party password manager, so it works!

you are viewing a single comment's thread
view the rest of the comments
[-] Moonrise2473@feddit.it 5 points 3 months ago

main issue for me is that i didn't see any way to invalidate old passkeys. I tried them in a few websites like ebay but it looks like they are valid forever so if my device is compromised, the attacker has access to my account in perpetuity even if i change the password

[-] Bitrot 10 points 3 months ago

You delete it from your account, that makes it invalid. Just like removing an entry from authorized_keys. If the site does this after changing the password or not is up to them.

[-] Moonrise2473@feddit.it 1 points 3 months ago

I mean, suppose that i save a passkey in my password manager, then because of my bad opsec someone else gets hold of it - if I delete it from my account, the attacker still has a copy and I have no way to invalidate it

I checked again on eBay, there's no "list of passkeys" even if I created 4 of them (one for each browser on each of my computer + one synced via password manager)

[-] Bitrot 6 points 3 months ago

eBay has implemented their passkey support poorly. “Turn off” will invalidate them. Most sites have a list of passkeys and you just delete the one you don’t want working anymore. At that point it doesn’t matter who has it, it’s useless.

this post was submitted on 20 Jul 2024
138 points (97.3% liked)

Firefox

17302 readers
129 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS