question

11 views
Skip to first unread message

Anjul Kc

unread,
9:37 AM (2 hours ago) 9:37 AM
to FIDO Dev (fido-dev)
Greetings everyone, I am also interested in passwordless authentication but i have one question that making me disturbed.
I am a student passionate about cryptography. About the process of the authentication process do we have passkeys for various of the websites and is there any scheme used for using the same public key for these third party webs which is similar to using gmail across multiple third party webs and app, So basically can't we just register publickey once to central trusted authority and use the very same publickey for validation. Just like using gmail to sign in!!

Tim Cappalli

unread,
9:57 AM (2 hours ago) 9:57 AM
to Anjul Kc, FIDO Dev (fido-dev)
No, this is not possible by design. WebAuthn credentials are pairwise, and thus privacy preserving. What you're describing is federation, which is also an option.

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/8b22f9c1-c7e8-41f0-9475-c362fb0bf816n%40fidoalliance.org.

DUBOUCHER Thomas

unread,
10:14 AM (2 hours ago) 10:14 AM
to Anjul Kc, FIDO Dev (fido-dev)

THALES GROUP LIMITED DISTRIBUTION to email recipients


Hi Anjul,

 

Passkeys can be used in conjunction with SSO (SAML, OpenID, etc), meaning you can already use today “login with Gmail/whatever” and use your passkey registered with Google.

 

Public keys are different between service providers to enforce privacy by default. Two service providers cannot compare their user database and use the public key of the passkeys to identify users they have in common.

 

Best regards,

 

 

 

 

Thomas Duboucher (he/him)

Embedded Security Specialist

Digital Identity and Security

Thales

 

 

 

From: fido...@fidoalliance.org <fido...@fidoalliance.org> On Behalf Of Anjul Kc
Sent: samedi 22 novembre 2025 15:48
To: FIDO Dev (fido-dev) <fido...@fidoalliance.org>
Subject: [FIDO-DEV] question

 

Greetings everyone, I am also interested in passwordless authentication but i have one question that making me disturbed.


I am a student passionate about cryptography. About the process of the authentication process do we have passkeys for various of the websites and is there any scheme used for using the same public key for these third party webs which is similar to using gmail across multiple third party webs and app, So basically can't we just register publickey once to central trusted authority and use the very same publickey for validation. Just like using gmail to sign in!!

--

Reply all
Reply to author
Forward
0 new messages