• General
  • GrapheneOS support for passkeys

  • [deleted]

Will GrapheneOS be able to fully support passkeys? https://developers.google.com/identity/fido/

This is the part that makes me wonder:

"What happens if a user loses their device?
Passkeys created on Android are backed up and synced with Android devices that are signed in to the same Google Account, in the same way as passwords are backed up to the password manager.

That means a users' passkeys go with them when they replace their devices. To sign into apps on a new phone, all users need to do is unlock their phone."

Is it possible to provide this using Sandboxed Google Play Services? Or will this probably require more privileged access that GrapheneOS can not support?

  • [deleted]

Fido2 woking fine on GrapheneOS

  • [deleted]

  • Edited

I know that security keys using FIDO2 work fine. I'm asking whether it will be possible to use passkeys specifically and let them be synced with a Google account

a year later

It would be great to get an answer of an admin or gos developer whether gos and vanadium will support passkeys in future. I did try with for example with bitwarde. No chance.

    dirksche Passkeys stored in Google Password Manager do not work. Passkeys stored in third party password managers can work through Android 14 API although some password managers whitelist which browser is allowed to use them and Vanadium may not be in the list. (I'm not a GOS dev)

    Thanks for your fast reply. I'm on Android 14. I installed bitwarden, enabled chrome://flags/#web-authentication-android-credential-management and set bitwarden as app for passkeys and passwords (in system settings).
    But still I can't create a passkey. Neither on passkeys.io nor on github.

      Even if I created a passkey in bitwarden on an other system (desktop) and it is stored, vanadium does not use bitwarden to manage passkeys.

      Thank you for this important information. Good to know.