passless
Has pass and TPM2 backends.
Installation
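# Install the prebuilt package with the yay AUR helper.
yay -S passless-bin
# Add the current user to the tss and fido groups.
# usermod is the tool that accepts -a -G (groupmod has no -G option); -a appends
# to the user's supplementary groups instead of replacing them.
# NOTE(review): tss membership presumably lets every process running as this
# user reach the TPM device nodes, not only passless. Confirm against the udev
# rules that passless prints.
sudo usermod -a -G tss,fido "$USER"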
Usage
passless
Prints instructions for further configuration (udev, etc).
systemd service
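# Install a per-user systemd unit for passless.
# The user unit directory is not present on every account, so create it first.
mkdir -p ~/.config/systemd/user
# The heredoc must end with a bare EOF line; a "<<EOF" terminator never matches,
# so the shell would swallow the commands that follow into the unit file.
# The delimiter is quoted so the unit text is written literally, with no shell
# expansion. ExecStart uses a bare command name, which systemd resolves through
# its own fixed search path rather than the caller's $PATH.
cat <<'EOF' > ~/.config/systemd/user/passless.service
[Unit]
Description=Passless FIDO2 Software Authenticator
Documentation=https://github.com/pando85/passless
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
ExecStart=passless
Restart=on-failure
RestartSec=5s
# Security hardening
# The application already handles its own memory locking and core dump prevention
# but we can add additional systemd protections
NoNewPrivileges=true
LimitMEMLOCK=2M
# Logging
StandardOutput=journal
StandardError=journal
SyslogIdentifier=passless
[Install]
WantedBy=default.target
EOF
# need a fresh login for group permissions to apply
systemctl --user enable passless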