Support Webauthn authentication in the frontend. This will allow use of hardware security keys as well as passkeys. Ideally this should be offered as an alternative to a password, instead of as an MFA method.
+1 this would be really awesome!!
+1 on this. Google supporting passkeys since a few days official.
+1 I hope to increase security
+1 itās mandatory
would be great to get this feature available. Thanks in advanced for taking care about.
This could greatly increase login security for HA Servers that are exposed to the internet, as these already have HTTPS in most cases, it could either be used as MFA/2FA module (username+password+security key) or one could use it as a replacement for usernames/passwords by taking advantage of the new Passkey standard that the current versions of Android, Windows 11 and (AFAIK) all Apple OSes have built-in
+1 would be very helpful
+1 would also like to see passkeys in HomeAssistant
I think it would be ideal to do either/both. Sometimes it is useful to be able to fall back to username+password+TOTP
I have no idea how I missed ths one.
ABSOLUTELY and with high priority.
Every system that exposes an end user login on the Internet needs to work towards passkey auth. Full stop.
Today is Nov 3. Microsoft just released passkey auth in win11 so I can already log in to 5/9 of my daily driver websites with a passkey. Two of those I canāt are this community website and my HA install. That needs to change.
At least here you can link your community-account to your GitHub account. And GitHub supports WebAuthn for a while. So one less where you canāt login with SSO.
Thatās good to know! I generally donāt use federated auth to login like that. But for this one Iād make an exception.
+1 on that, yeah!
+1
Bitwarden also support passkey storage.
Supported in Vaultwarden 1.30.0 and soon in GitHub - hassio-addons/addon-bitwarden: Vaultwarden (Bitwarden) - Home Assistant Community Add-ons
+1
I have installed oauth2proxy with keycloak as access security service, which works fine. Unfortunately, HAās in-app browser does not allow WebAuthn (Passkeys). It would be great if the in-app browser in iOS would allow WebAuthn requests.
+1
I would love this.
I have been playing with passkeys inside Home Assistant this weekend and it seems not that hard to implement. But canāt do this alone.
First of all, Iāve opened an discussion at Add Passkey as alternative authentication method Ā· home-assistant/architecture Ā· Discussion #1001 Ā· GitHub, but discussions are not feature requests. Then I found this topic .
Also: I actually have no idea what I am doing. I would be the last to ask about security and authentication. But I love to learn new things and see how it works. Thatās why I looked up āHow to implement passkeysā and get to work.
It would be cool to have this added, but this would be a bit to big of a project for ājust meā. And I am sure there are quite some ideas already.
Is it possible?
My preliminary answer is yes, of course. Here are my findings:
- Implementing the frontend on the web is possible. Iāve tested generating keys, and it works nicely.
- Iāve used the example code from GoogleChromeLabs/passkeys-demo and some documentation from https://webauthn.io and integrated it into Home Assistant.
- Implementing this in the apps should be possible, but itās unknown how difficult it would be.
- The backend uses Python, and there is a well-maintained Python library that can be used. Iāve tested this, and it works as expected.
What have I done so far.
See the PR below. Iāve added the minimum to allow generating passkeys. Iāve hacked in without known what I actually knowing what I am doing just to get it to work.
So, if you have any ideas or know where to help, feel free to ping me!
Edit: Due some personal events I am unable to continue this project in the near future. Feel free to pick where I left.
i also agree that passkeys is the way to go, all the major browsers support it, btw DCSBL good to see there is some preliminary work that has been done