**Mauve 👁💜** @mauve@mastodon.mauve.moe · May 10, 2023, 17:52

**Mauve 👁💜** @mauve@mastodon.mauve.moe · May 10, 2023, 17:52

Mauve 👁💜 @mauve@mastodon.mauve.moe

May 10, 2023, 17:52

Seriously, why the hell are we still using username/password when browsers have supported requesting client certificates for years now.

Literally just learned today that it's an API that's supported in all the major browsers already. Maybe because it's at the TLS/Server-side layer instead of inside client-side JS or the HTTP layer?

Only downside is now I need to add this functionality to Agregore. :P

**Defederate Threads!** @tasket@infosec.exchange · May 11, 2023, 03:55

**Defederate Threads!** @tasket@infosec.exchange · May 11, 2023, 03:55

May 11, 2023, 03:55

Defederate Threads! @tasket@infosec.exchange

@mauve

Answer: Because OS vendors did not want to make certs & keys first-class objects that are highly visible to users (and manageable by them).

TBH, I'm not sure if that would be better or worse than using password managers.

**Mauve 👁💜** @mauve@mastodon.mauve.moe · May 11, 2023, 04:19

**Mauve 👁💜** @mauve@mastodon.mauve.moe · May 11, 2023, 04:19

May 11, 2023, 04:19

Mauve 👁💜 @mauve@mastodon.mauve.moe

@tasket I think one thing that is different from password managers in this scenario is that you can use your key instead of an email+password combo and could potentially reuse credentials more easily. also has an obvious path for hardware keys

**Mauve 👁💜** @mauve@mastodon.mauve.moe · 2023-05-11T04:21:36Z

Mauve 👁💜 @mauve@mastodon.mauve.moe

@tasket also in general it's just more "standard", but I guess password managers are getting integrated at the operating system level now to so they're just as standard 🤷

May 11, 2023, 04:21 · · Web · · ·

Resources

Developers

What is Mastodon?

mastodon.mauve.moe

More…