On 2024-12-06 10:05:55, terryc wrote:

> My current understanding is the use a USB Passkey via a browser on
> Devaun, I need to do the following;
>    A) install some PAM modules
>    B) Enable javascript for the site in the browser
>    C) Insert configured USB passkey and
>    D) Respond to the prompt()fondle the device).

>
> I just wanted to check my understanding that this will work before I
> start spending $$$ to buy a usb passkey for our government new secure
> login system.
>
> Thank You.
>
> Long story; The Australian government is starting to impose some
> "secureID" system on interactions with their portals. Somehow they
> have totally screwed up their password and challenge question system and
> 'someone' decided to impose a system that relies on hardware and
> services developed and controlled by google, apple, etc. That is "smart
> phones" to which I have a total revulsion and now can not physically
> use.

Being an Aussie as well, I'm worried about this. Especially since our
government has a habit of creating crap web sites.

As for "smart phones", mine has not been an actual phone for a long time,
it doesn't even have a SIM in it. I use a "dumb phone" once a week to
clear out scammers messages, and see if there's been the rare legetimate
message. People that know me know to email me.

Last year I had to buy a new "dumb phone", and was surprised to see it
includes a web browser and a bunch af 8 bit games. Very annoyed to see it
also includes a Facebook app (it's not Android, some Nokia operating
system). Can't add or remove apps.

> The one alternative of their systems that seems to be free of the
> privacy stripping and massive insecurity is a USB passkey, but their
> requirements on setting up and using passkeys are all variations of
> software and systems provided and controlled by overseas companies well
> know for stealing your personal data and daily reporting of major
> security breaches. It would also cost a significant amount of money to
> buy and infest hardware with their software.
>
> Having run Devuan since ascii, I want to fully explore doing passkeys
> via Devuan, hence my question.
>
> I'm considering buy a Yubi stick for the passkey.

Nitrokey might be a better choice, they are fussy about being open
source. I haven't tried any of this stuff out yet, but when I do manage
to get around to it Nitrokey is where I'll likely start. Though perhaps
KeePassXC might be able to handle the entire job, or be part of the
solution? It's what I use for password management. KeePassXC works well
with Firefox-ESR at least.

--
A big old stinking pile of genius that no one wants
coz there are too many silver coated monkeys in the world.