<!DOCTYPE html>
<html data-lt-installed="true">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body style="padding-bottom: 1px;" text="#000000" bgcolor="#ffd1bb">
    <p><font size="5">Here are some screenshots and an accompanying
        description that might help everybody get on the same page with
        regard to how the stuff works and, more so, how much it doesn't work.</font></p>
    <p><font size="5">I can log into my Amazon account on a desktop
        computer using my passkey that is stored in my password manager,
        KeepassXC; however, I cannot do the same thing in a browser or in
        the app on my cell phone.<br>
      </font></p>
    <p><font size="5">Not to nitpick, but the Android app name is <span
          style="background-color: rgb(255, 255, 0);">KeepassDX NOT XD</span>.</font></p>
    <p><font size="5">There is another very popular Android app that I
        use called Keepass2Android. Neither one of these has been
        updated to support passkeys; however, there has been discussion in
        their forums about how to do it. Only one app is developed by a
        single person as far as I can tell, and I don't think he knows
        how to do what he needs to do.<br>
      </font></p>
    <p><font size="5">I have a passkey set up on my Amazon account, and it
        is stored in my Keepass databases.</font></p>
    <p><font size="5">Here are some screenshots:</font></p>
    <p><font size="5">KeepassXC on Windows, Mac, and Linux REQUIRES the
        matching KeepassXC browser extension to be installed and paired
        with the database. It is the browser extension that detects the
        website wanting to set up a new passkey, and it intercepts that
        communication. The actual passkey information is stored in the
        database in the advanced section under additional attributes.
        Cell phones don't have browser extensions, and the Android app
        doesn't know what to do with this data that is stored in the
        database.<br>
      </font></p>
    <p><font size="5"><img
          src="cid:part1.W7DsMlhb.ml2FZDm8@kingconsulting.us" alt=""
          width="1049" height="509"><br>
      </font></p>
    <p><font size="5">This next picture is of the Android software
        KeepassDX, and you can see in the picture that it sees the
        passkey information:</font></p>
    <p><font size="5"><img
          src="cid:part2.KbICK8Sk.J7bP0eBd@kingconsulting.us" alt=""
          width="387" height="877"></font></p>
    <p><font size="5">These next shots are from Amazon trying to log me
        in using a passkey stored on my cell phone:</font></p>
    <p><font size="5"><img
          src="cid:part3.e8bHGGZs.wcuc1zK0@kingconsulting.us" alt=""><br>
      </font></p>
    <p><font size="5"><img
          src="cid:part4.RF6OASyp.OR7IhoAH@kingconsulting.us" alt=""><br>
      </font></p>
    <p><font size="5">Amazon and Microsoft are asking me to use a QR
        code and scan it with the device that has the passkey, but the
        phone, which can scan QR codes, doesn't know to open my password
        manager to complete the task. There is a breakdown in
        communication.<br>
      </font></p>
    <p><font size="5">Drew.<br>
      </font></p>
    <div class="moz-cite-prefix">On 10/17/2024 3:39 AM, Robert Primak
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:1652934952.2412391.1729150788941@mail.yahoo.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div class="ydp7ee4e587yahoo-style-wrap"
style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:13px;">
        <div dir="ltr" data-setdir="false">From what I researched,
          KeypassXC is the app for Windows, Mac and Linux, and KeepassXD
          is for Android. If Syncthing is also used, the ecosystem could
          operate entirely without a Cloud account. The database could
          also be stored as the original or a copy on USB media, which
          would make it available to any device as long as you have the
          USB storage with the database on it at hand. </div>
        <div dir="ltr" data-setdir="false"><br>
        </div>
        <div dir="ltr" data-setdir="false">KeypassXC and KeypassXD use
          the same database format, but reading with KeypassXD from an
          SD Card can be complicated by file system issues. (SD Cards
          use a DOS (FAT) format, which often can't be read by modern
          Android without going through some hoops.)</div>
        <div dir="ltr" data-setdir="false"><br>
        </div>
        <div dir="ltr" data-setdir="false">KeypassXC and KeypassXD look
          like a fairly complete solution, with the database stored on
          some sort of modern USB storage like a flash drive. An Android
          phone would also need to be able to connect the flash drive to
          USB-C, which is trivial these days. </div>
        <div dir="ltr" data-setdir="false"><br>
        </div>
        <div dir="ltr" data-setdir="false">Compatibility issues between
          Google and Microsoft implementations of passkeys are not the
          fault of the standards people. Those companies are not using
          the standards suggested by the FIDO Alliance, but proprietary
          variations. The fault is with them, not the Alliance. There is
          in fact only one standard officially recommended for
          passkeys. </div>
        <div dir="ltr" data-setdir="false"><br>
        </div>
        <div dir="ltr" data-setdir="false">-- Bob Primak </div>
        <div dir="ltr" data-setdir="false"><br>
        </div>
      </div>
      <div id="yahoo_quoted_9948118506" class="yahoo_quoted">
        <div
style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
          <div> On Thursday, October 17, 2024 at 01:46:31 AM EDT, Drew
            King via LCTG <a class="moz-txt-link-rfc2396E" href="mailto:lctg@lists.toku.us">&lt;lctg@lists.toku.us&gt;</a> wrote: </div>
          <div><br>
          </div>
          <div><br>
          </div>
          <div>
            <div id="yiv7002085028">
              <div>
                <p><font size="5">Correct.</font></p>
                <p><font size="5">Right now 99% of the people who have
                    implemented passkeys have no idea where they are or
                    how to manage them; they just know that they work
                    somehow.<br clear="none">
                  </font></p>
                <p><font size="5">That is one of the reasons why it is a
                    good idea to use a single platform for the use and
                    implementation of passkeys. Passkeys are still in
                    flux regarding the way they are managed because
                    there's no standard for sharing passkey information
                    between different products. If you're entirely in
                    an Apple ecosystem then you have coordination, but
                    if you want to use even one Windows computer it
                    throws everything out of balance because there's no
                    sharing between Windows and Apple. <br clear="none">
                  </font></p>
                <p><font size="5">My preference is to have all passkeys
                    stored in my password manager. Unfortunately, my
                    password manager is not under management of only one
                    developer or organization.<br clear="none">
                  </font></p>
                <p><font size="5">I use an open source password manager
                    on my desktop platform and on my mobile devices, and
                    the developer of the desktop app and the developer
                    of the mobile app are different, and they have not
                    coordinated in any way on how to share and use
                    passkeys.</font></p>
                <p><font size="5">KeepassXC supports passkeys on
                    Windows, Linux and Mac. The information stored in
                    the database, however, does not coordinate with
                    Android or Apple mobile devices. Unlike with
                    Bitwarden, which develops the desktop app and the
                    mobile app, Keepass is too open right now. <br
                      clear="none">
                  </font></p>
                <p><font size="5">If you use Bitwarden on your PC and on
                    your phone, you can use passkeys and have them all
                    stored inside your Bitwarden database rather than
                    randomly stored in different places on different
                    devices. Microsoft stores passkeys one way and
                    Google does it another way. Right now, the best way
                    to collect all of your passkeys in one place so
                    they can be easily managed is in a password manager
                    that supports passkeys across all hardware devices.
                    Bitwarden is an example of one company that provides
                    passkeys across Android, Apple, Windows, Mac, and
                    Linux.</font></p>
                <p><font size="5">Google is trying to make it easy to
                    use passkeys across Windows and Android by having
                    you store all of your password information in their
                    browser password manager, which many people don't
                    want to do.</font></p>
                <p><font size="5">The passkey rollout I thought was
                    going to be clean, but it is not turning out to be
                    that way. The password manager that I use on my
                    phone is coded by only one person, and that makes it
                    very difficult for his customers to count on him to
                    be able to implement passkeys with other open source
                    developers who have no connection to him.<br
                      clear="none">
                  </font></p>
                <p><br clear="none">
                </p>
                <p><font size="5">Drew</font><br clear="none">
                </p>
                <div id="yiv7002085028yqt06809"
                  class="yiv7002085028yqt1305243282">
                  <div class="yiv7002085028moz-cite-prefix">On
                    10/17/2024 1:13 AM, Rich Moffitt wrote:<br
                      clear="none">
                  </div>
                  <blockquote type="cite"> </blockquote>
                </div>
              </div>
              <div>
                <div id="yiv7002085028yqt31187"
                  class="yiv7002085028yqt1305243282">
                  <div>Minor point, but something to keep in mind:
                    you're not so much deleting the passkeys from the
                    lost device as you are invalidating the keys stored
                    on that device for use on a particular service. This
                    also means that if you have passkeys for 5 different
                    web sites on a single device, you may have to
                    invalidate the passkeys on each of the 5 sites
                    independently (unless they all use the same
                    authentication service).
                    <div><br clear="none">
                    </div>
                  </div>
                  <br clear="none">
                  <div class="yiv7002085028gmail_quote">
                    <div dir="ltr" class="yiv7002085028gmail_attr">On
                      Wed, Oct 16, 2024, 10:04 PM Drew King via LCTG
                      &lt;<a rel="nofollow noopener noreferrer"
                        shape="rect" ymailto="mailto:lctg@lists.toku.us"
                        target="_blank" href="mailto:lctg@lists.toku.us"
class="yiv7002085028moz-txt-link-freetext moz-txt-link-freetext"
                        moz-do-not-send="true">lctg@lists.toku.us</a>&gt;
                      wrote:<br clear="none">
                    </div>
                    <blockquote
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex;"
                      class="yiv7002085028gmail_quote">
                      <div style="padding-bottom:1px;">
                        <p>All,</p>
                        <p>Additional info regarding Passkeys:</p>
                        <p>This is an article that covers a lot of
                          information and answers a lot of questions
                          about passkeys. One question that was asked
                          this morning at the meeting was what happens
                          if you lose your device that you installed a
                          passkey on. If somebody has your device and
                          they can log into it or unlock it, then they
                          have your passkeys. This article covers how to
                          log into your Google account from a computer
                          and delete passkeys that are on your lost or
                          stolen device.<br clear="none">
                        </p>
                        <p><a rel="nofollow noopener noreferrer"
                            shape="rect" target="_blank"
href="https://support.google.com/accounts/answer/13548313?hl=en&sjid=13375659196123546943-NA"
                            moz-do-not-send="true">https://support.google.com/accounts/answer/13548313?hl=en&sjid=13375659196123546943-NA</a></p>
                        <div>-- <br clear="none">
                          Drew King <br clear="none">
                          <br clear="none">
                          <br clear="none">
                        </div>
                      </div>
                      ===============================================<br
                        clear="none">
                      ::The Lexington Computer and Technology Group
                      Mailing List::<br clear="none">
                      Reply goes to sender only; Reply All to send to
                      list.<br clear="none">
                      Send to the list: <a
                        rel="nofollow noopener noreferrer" shape="rect"
                        ymailto="mailto:LCTG@lists.toku.us"
                        target="_blank" href="mailto:LCTG@lists.toku.us"
class="yiv7002085028moz-txt-link-freetext moz-txt-link-freetext"
                        moz-do-not-send="true">LCTG@lists.toku.us</a>   
                        Message archives: <a
                        rel="nofollow noopener noreferrer" shape="rect"
                        target="_blank"
href="http://lists.toku.us/pipermail/lctg-toku.us/"
class="yiv7002085028moz-txt-link-freetext moz-txt-link-freetext"
                        moz-do-not-send="true">http://lists.toku.us/pipermail/lctg-toku.us/</a><br
                        clear="none">
                      To subscribe: email <a
                        rel="nofollow noopener noreferrer" shape="rect"
                        ymailto="mailto:lctg-subscribe@toku.us"
                        target="_blank"
                        href="mailto:lctg-subscribe@toku.us"
class="yiv7002085028moz-txt-link-freetext moz-txt-link-freetext"
                        moz-do-not-send="true">lctg-subscribe@toku.us</a> 
                      To unsubscribe: email <a
                        rel="nofollow noopener noreferrer" shape="rect"
                        ymailto="mailto:lctg-unsubscribe@toku.us"
                        target="_blank"
                        href="mailto:lctg-unsubscribe@toku.us"
class="yiv7002085028moz-txt-link-freetext moz-txt-link-freetext"
                        moz-do-not-send="true">lctg-unsubscribe@toku.us</a><br
                        clear="none">
                      Future and Past meeting information: <a
                        rel="nofollow noopener noreferrer" shape="rect"
                        target="_blank" href="http://LCTG.toku.us"
                        moz-do-not-send="true">http://LCTG.toku.us</a><br
                        clear="none">
                      List information: <a
                        rel="nofollow noopener noreferrer" shape="rect"
                        target="_blank"
href="http://lists.toku.us/listinfo.cgi/lctg-toku.us"
class="yiv7002085028moz-txt-link-freetext moz-txt-link-freetext"
                        moz-do-not-send="true">http://lists.toku.us/listinfo.cgi/lctg-toku.us</a><br
                        clear="none">
                      This message was sent to <a
                        rel="nofollow noopener noreferrer" shape="rect"
                        ymailto="mailto:rich@richmoffitt.org"
                        target="_blank"
                        href="mailto:rich@richmoffitt.org"
class="yiv7002085028moz-txt-link-freetext moz-txt-link-freetext"
                        moz-do-not-send="true">rich@richmoffitt.org</a>.<br
                        clear="none">
                      Set your list options: <a
                        rel="nofollow noopener noreferrer" shape="rect"
                        target="_blank"
href="http://lists.toku.us/options.cgi/lctg-toku.us/rich@richmoffitt.org"
class="yiv7002085028moz-txt-link-freetext moz-txt-link-freetext"
                        moz-do-not-send="true">http://lists.toku.us/options.cgi/lctg-toku.us/rich@richmoffitt.org</a><br
                        clear="none">
                    </blockquote>
                  </div>
                </div>
                <div class="yiv7002085028moz-signature">-- <br
                    clear="none">
                  Drew King <br clear="none">
                  <br clear="none">
                  <br clear="none">
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <div class="moz-signature">-- <br>
      Drew King
      <br>
      <br>
      <br>
    </div>
  </body>
</html>