VoidAuth is a self-hosted Single Sign-On solution that aims to be easy to setup and use while feeling seamless to your users. Release v1.1.0 brings a few new features I have been working on and am excited about:

Passkey-only Users, the option on sign-up to use a passkey instead of a password.
Admin Notification Emails, so admins know when they have new tasks such as user registrations to approve.
Approval Emails for New Users, so new users awaiting approval know when they have been.
DEFAULT_REDIRECT back to your main page for invitations, logouts, etc.
and more!

you are viewing a single comment's thread
view the rest of the comments

[–] vort3@lemmy.ml 10 points 1 week ago (8 children)

Sorry for being silly here, I've been kind of out of the loop with recent technology, what exactly is "passkeys"? I remember reading something when it was announcement, but all I saw was lots of buzzwords and vague "it's new and it's very good" claims.

Is it like, an alternative authorization method? Is it a second factor after I type my login/password, or does it replace passwords? What does it look like, from users perspective?

[–] notquitenothing@sh.itjust.works 4 points 1 week ago

Pretty much as answered already, passkeys (sometimes branded like FaceID or Windows Hello but it is an open spec) are an alternative to passwords. Your public key that identifies your user is stored in VoidAuth and your private key is stored on your device. Some password managers support syncing passkeys, so you don’t have to set up a new passkey on every device.

The advantage over passwords is that they are domain and device specific, so are much harder to be leaked from the client side. VoidAuth (or other services) should only be storing your public key so a leak on the server side would not allow someone to log in as you.

load more comments (7 replies)