Using the Fingerprint Scanner for Web Passkeys

  • Which OS (Operating System)? Manjaro Sway on Arch Linux
  • Which Framework laptop (11th, 12th or 13th generation Framework laptop, Chromebook or Framework Laptop 16) are you asking for support with? FW16

I use my fingerprint scanner with fprintd and PAM to unlock my user sessions and authenticate sudo.
But on a MacBook Air M1, I could also use the fingerprint scanner for passkeys in the web, for example to login to github.

Is this possible with the Framework at all, and if yes, under Linux?

Not framework specific, but: The keepassxc password manager also supports passkeys. When version 2.8.0 is released, it is expected to include support for using the fingerprint for unlocking the vault.

1 Like

Linux doesn’t have OS-level FIDO2 support like Windows and macOS do, so any support will be specific to a browser or password manager. Watch FIDO U2F/WebAuthn abstraction/permission/portal/… · Issue #989 · flatpak/xdg-desktop-portal · GitHub for movement on this.

Google Password Manager recently added support for passkey management in Chrome, but Chrome does not seem to have any fingerprint support on Linux. GitHub - psanford/tpm-fido: A WebAuthn/U2F token protected by a TPM (Go/Linux) is a project that emulates a U2F token in software, but it appears to lack active development or fingerprint support.

I haven’t used it, but KeePassXC does appear to be the only option in a viable state. I’m not sure how great of a user experience it would be to exclusively use for passkey management while using another password manager, though.

1 Like