Support secure authentication with Passkey

nelson.aponte · January 15, 2024, 8:37am

Hi, everyone.

I believe it’s about time we improve the security of the platform. Therefore, I created the following issue on GitHub:

Support secure authentication with Passkey

opened 08:24AM - 15 Jan 24 UTC

It is widely known that usernames and passwords are insecure access control mech…anisms and go against one of the premises of the cloud service, i.e., security. We should implement Passkeys as a means of strong authentication for the accounts with a fall-back to passwords for those who don't like or can't use Passkeys. https://web.dev/articles/passkey-registration https://developer.apple.com/passkeys/ https://developers.google.com/identity/passkeys https://www.corbado.com/blog/passkey-tutorial-how-to-implement-passkeys

I recently watched a couple of amazing videos about OH, where the author suggests not using myopenhab due to its weak authentication mechanism:

I wonder what you guys think and also whether passkey should be implemented on the MainUI.

Do you want to see Passkeys implemented on _____?

myopenhab.org
MainUI
None

0 voters

Looking forward to your comments.

Best regards.

rlkoshak · January 16, 2024, 3:10pm

As currently posted, I wonder if you mixing things.

myopenhab.org has a completely different authentication and authorization mechanism from MainUI.

That video is talking about myopenhab.org.

I definitely think anything that can be done to add TFA, FIDO2 keys, Passkeys, webauth, etc. to the Cloud Server would be a very good thing. I’d also like to see emails being sent for new logins and any changes to login parameters.

I’m not so sure that doing so for MainUI buys much protection so the balance of added complexity needs to be weighed against the risks it would mitigate.

nelson.aponte · January 16, 2024, 3:24pm

Hi, @rlkoshak.

I know myopenhab.org and MainUI are completely independent, and I’m sure this feature is lacking on myopenhab.org. Yet, like you, I’m not sure whether implementing Passkey on the MainUI could be useful or just a burden, so I raised the topic for the community to share their views.

I didn’t want to create 2 separate topics because I didn’t know how the topic would develop, but if required I could start a separate one.

rlkoshak · January 16, 2024, 3:29pm

I think adding support for 2FA (of any sort) to MainUI will need to happen eventually. But it’s probably premature to do so at this stage.

nelson.aponte · January 16, 2024, 3:31pm

I added a poll at the top for people to easily “vote”.

Kai · January 17, 2024, 11:01am

I’m not sure such votes make too much sense. In general, having passkey support is something cool and I guess nobody would mind to have it (as it is usually an additional way of auth, not replacing other ways). So it is mainly a matter of finding a developer, who’s volunteering to work on it.

system · February 28, 2024, 3:01am

This topic was automatically closed 41 days after the last reply. New replies are no longer allowed.