Qubes OS browser extension for passwords and passkeys #9695
Comments
DemiMarie
added
T: enhancement
|
Demi, isn't this issue two things, the server side and the client side? Shouldn't they be two issues to not limit the server side and client side implementation to one design? The title specifies the client implementation:
But that would limit to only configured browses to use that, an not other browsers or local applications. That is limiting the usage of this tool. Can it be not specific to browsers? Or are you talking about a specific key that is used only in browsers such as Android device being used as a security key? |
|
A better approach would be the following:
It would be simpler to implement 3 directly in terms of a Qubes OS-specific interface, but this would not integrate with or advance the broader Linux desktop ecosystem. I would prefer for Qubes OS to not do everything itself. @marmarek: Is it okay to use D-Bus as a cross-VM wire protocol, if the D-Bus server is written in a memory-safe language? |
No. |
How to file a helpful issue
The problem you're addressing (if any)
Password management in Qubes OS is non-trivial and not (inherently) phishing-resistant. Browsers on Qubes OS do not support passkeys.
The solution you'd like
Qubes OS should provide a browser extension that implements password and passkey management. The browser extension would use Native Messaging to communicate with a daemon (written in Python or Rust) that in turn communicates with the vault VM over qrexec. Passkeys can be stored in software (default) or a hardware token (needed for attestation).
The value to a user, and who that user might be
All users willl benefit from better password management and from native passkey support.
Completion criteria checklist
(This section is for developer use only. Please do not modify it.)
The text was updated successfully, but these errors were encountered: