Ditch your passwords, Passkey authentication on Linux
Alternate link on Peertube here: https://video.ironsysadmin.com/w/cQ1eX1sphxxvboFfrMwiM2
Folks, I know it, hopefully you know it, passwords are bad. You can get OK security with a decently long and complex password, but in general, passwords are easy to steal through phishing attacks. The best password policy in the world cant defeat a user giving their password to an attacker. So FreeIPA has been focusing on a few methods of passwordless, yet secure, authentication mechanisms. The latest of these is Fido2 passkey support. I wanted to throw together this demo to let you see how it works.
This is all availabe on 100% free and open source software, everything in this demo is in the FreeIPA and Fedora upstreams. I suppose the only commercial piece you need is the passkey. I used a YubiKey 5 with fido2 support.