Firefox supports WebAuthn, but as far as I could tell only with hardware tokens. I could not find a word about Firefoxs support of Passkeys (like Apple announced recently) anywhere
Personally I don't know why passkeys werent adopted much sooner, it seems such a long hanging fruit to just store the key in the FF password manager.
I use FF to support a web where there is not only one option, like Chrome, but FF keeps falling behind and behind instead of being at the forefront. This should be a top priority.
This would be a game changer if Firefox could not only use Passkeys but be able to store (FF passwords) or interact with external key stores (KeyChain/3rd party password managers) to store keys.
There seems to be a lot of confusion in this comment history so I want to clear up a bunch of stuff- WebAuthN/FIDO has always supported biometric authenticators on all other browsers (Chrome, Edge, Safari).- This is not a feature of Passkeys, it is a feature of WebAuthN. Only Firefox restricted WebAuthN to USB keys. On Edge, Chrome, Safari, one has been able to use Touch ID on Mac/iPhone, Windows Hello on Windows, and Android biometrics. IE - Firefox has been behind the 8 ball on this for a very long time.- The only thing "new" with Passkeys is it is a formalization on how to export and import those keys in an OS-level keychain, so that it works more cleanly across ecosystems.- IE - it is arguable the first, more basic, thing to be done is to simply support any authenticator on WebAuthN - that would be step 0 - and all of the rogues gallary commentary about iCloud keychain etc. is not applicable to any of that request.
Our product (www.nextlevel3.com) leverages passkeys as the primary authentication mechanism to allow users to lock and unlock their other application accounts. Most users do not have hardware keys so phone and built-in biometrics are much better options. The fact that this isn't supported in Firefox is a huge oversight. Our users will not be able to use Firefox. This is Ok for our product since most of our customers will be using our mobile app, but the fact that they can't use your browser points to a huge lost opportunity for other applications.
Firefox really needs passkeys that can be stored in the browsers keychain as well as QR code support. Currently cant sign in to sites due to not supporting the feature.
I'm a longtime user/supporter of Firefox/Mozilla & other openSource efforts (including financially) but not technically up on these details.
My perspective is security is fundamental. Period.
Though I'm resistant to use of proprietary solutions, non-secure solutions, or solutions with too much security overhead (which I view as poor usability) are not solutions for me.
I also think it would make a lot of sense for Firefox to implement this API like other browsers have. I remember when Firefox used to be a leader in implementing more secure protocols for the web. But those days are a sad and distant memory.
Don't chastise other users for not donating to mozilla. Why would anyone want to donate to them when they have been increasing their own executive salaries while firing all of their programmers? Even if people send patches and pull requests to improve the browser and fix bugs, they get ignored for years. Recently, Martin Thomson said that mozilla hasn't even begun to estimate "how much more effort it would take to finish" the implementation of JPEG-XL in Firefox. The funny thing is, it's already finished, the patches have already been written, they've been proposed in multiple pull requests that have been completely ignored by mozilla for years, and mozilla says they "don't have enough manpower" to click the merge button. Meanwhile you can already try out the patches for yourself in Waterfox, where JPEG-XL is enabled out of the box with full support for transparency, animation, and color profiles. So no, don't donate a penny to mozilla... Even if you donate code and do the work for them, it will still get ignored because the executives are really busy... When literally everyone working on their "next generation browser project" Servo was fired, that should have told you way back then that they no longer have an interest in actually building a product anymore. All that's left is to financially liquidate what is left of their reputation as the executives devour mozilla from the top.
Can we get s status update on this? Is it planned, spec’d or assigned?
So, from my perspective (I don't understand a lot about WebAuthN and the various modes in which it can operate), it seems supported in Firefox Mobile, but not on desktops.
For example, GitLab will prompt my phone for a fingerprint when I login, but it will not prompt my MacBook for a fingerprint when I login. Similar with Duo Mobile MFA on websites.
What this means under the hood in terms of U2F or other tech? I haven't a clue. I just want my device with a fingerprint reader to act as an MFA source like it will in chrome derivative browsers.
Having this in the roadmap is great. Thanks for your hard work.