cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
era
New member
Status: In development

Firefox supports WebAuthn, but as far as I could tell only with hardware tokens. I could not find a word about Firefoxs support of Passkeys (like Apple announced recently) anywhere

Personally I don't know why passkeys werent adopted much sooner, it seems such a long hanging fruit to just store the key in the FF password manager.

I use FF to support a web where there is not only one option, like Chrome, but FF keeps falling behind and behind instead of being at the forefront. This should be a top priority.

143 Comments
mcarbonneaux
Strollin' around

Also with support with local secure storage like android/ios and Windows (tpm via l'api cryptong) support the possibility to have secure key like fido external key.... But without key... Like 2fa attached to your device!

iverwayetows
Making moves

This would really improve my security on the internet. I hope it'll be delivered soon.

tuffi
New member

But the demo on https://www.passkeys.io/ is already functional...

Knarf
Strollin' around

I find it rather embarrassing that Mozilla is already holding a vote on this issue. This should be a topic that should have been publicly announced by Mozilla months ago. Where is your strategic orientation? Just the fact that the "big" competitors have already announced this confirms again that users should stay with Chrome e.t.c.

Crowbar66
New member

Please add passkey support to Firefox. 

ck90s3k
New member

This would be a game changer if Firefox could not only use Passkeys but be able to store (FF passwords) or interact with external key stores (KeyChain/3rd party password managers) to store keys.

FreddyMac
New member

There seems to be a lot of confusion in this comment history so I want to clear up a bunch of stuff

- WebAuthN/FIDO has always supported biometric authenticators on all other browsers (Chrome, Edge, Safari).

- This is not a feature of Passkeys, it is a feature of WebAuthN. Only Firefox restricted WebAuthN to USB keys. On Edge, Chrome, Safari, one has been able to use Touch ID on Mac/iPhone, Windows Hello on Windows, and Android biometrics. IE - Firefox has been behind the 8 ball on this for a very long time.

- The only thing "new" with Passkeys is it is a formalization on how to export and import those keys in an OS-level keychain, so that it works more cleanly across ecosystems.

- IE - it is arguable the first, more basic, thing to be done is to simply support any authenticator on WebAuthN - that would be step 0 - and all of the rogues gallary commentary about iCloud keychain etc. is not applicable to any of that request.

dmhdsut
New member

Our product (www.nextlevel3.com) leverages passkeys as the primary authentication mechanism to allow users to lock and unlock their other application accounts. Most users do not have hardware keys so phone and built-in biometrics are much better options. The fact that this isn't supported in Firefox is a huge oversight. Our users will not be able to use Firefox. This is Ok for our product since most of our customers will be using our mobile app, but the fact that they can't use your browser points to a huge lost opportunity for other applications. 

RyDawg
New member

FIDO Passkeys

Firefox really needs passkeys that can be stored in the browsers keychain as well as QR code support. Currently cant sign in to sites due to not supporting the feature.

drMikey
New member

I'm a longtime user/supporter of Firefox/Mozilla & other openSource efforts (including financially) but not technically up on these details.

My perspective is security is fundamental. Period.

Though I'm resistant to use of proprietary solutions, non-secure solutions, or solutions with too much security overhead (which I view as poor usability) are not solutions for me.

Coconut
Strollin' around

I also think it would make a lot of sense for Firefox to implement this API like other browsers have. I remember when Firefox used to be a leader in implementing more secure protocols for the web. But those days are a sad and distant memory.

Don't chastise other users for not donating to mozilla. Why would anyone want to donate to them when they have been increasing their own executive salaries while firing all of their programmers? Even if people send patches and pull requests to improve the browser and fix bugs, they get ignored for years. Recently, Martin Thomson said that mozilla hasn't even begun to estimate "how much more effort it would take to finish" the implementation of JPEG-XL in Firefox. The funny thing is, it's already finished, the patches have already been written, they've been proposed in multiple pull requests that have been completely ignored by mozilla for years, and mozilla says they "don't have enough manpower" to click the merge button. Meanwhile you can already try out the patches for yourself in Waterfox, where JPEG-XL is enabled out of the box with full support for transparency, animation, and color profiles. So no, don't donate a penny to mozilla... Even if you donate code and do the work for them, it will still get ignored because the executives are really busy... When literally everyone working on their "next generation browser project" Servo was fired, that should have told you way back then that they no longer have an interest in actually building a product anymore. All that's left is to financially liquidate what is left of their reputation as the executives devour mozilla from the top.

Seanieb
New member

Can we get s status update on this? Is it planned, spec’d or assigned? 

jamesharr
Strollin' around

So, from my perspective (I don't understand a lot about WebAuthN and the various modes in which it can operate), it seems supported in Firefox Mobile, but not on desktops.

For example, GitLab will prompt my phone for a fingerprint when I login, but it will not prompt my MacBook for a fingerprint when I login. Similar with Duo Mobile MFA on websites.

What this means under the hood in terms of U2F or other tech? I haven't a clue. I just want my device with a fingerprint reader to act as an MFA source like it will in chrome derivative browsers.

Honza
Employee
Employee

Quick update:

  • WebAuthn Level 1 + CTAP2 is riding the trains for Fx 112
  • WebAuthn Level 2 + 3 are planned to ride the Fx 116 train
  • Passkeys (though details are still about to figured out) earliest completion is Fx 120

 

Serandel
New member

Having this in the roadmap is great. Thanks for your hard work.