February 8, 2026
Key Wars: Users vs Platforms
Credentials for Linux: Bringing Passkeys to the Linux Desktop
Passkeys crash the Linux party — users ask who owns the keys
TLDR: Credentials for Linux aims to bring password-free logins to Linux with a shared service and library. The crowd is split between fans of simpler security and skeptics furious over who controls the keys—users, browsers, or websites—and how they’re stored, making ownership the hottest issue.
Linux finally got a big password-free moment at FOSDEM 2026, where Credentials for Linux showed off a plan to bring “passkeys” (device-based logins) to the desktop. Think fewer passwords, more tap-to-approve. The project includes a Rust library, libwebauthn, and a system service, credentialsd, plus a demo of Firefox talking to hardware keys and phones. There’s a GitHub if you want receipts.
Then the comments went full soap opera. One camp says passkeys (the WebAuthn/FIDO2 standards used by big platforms) are great; the other screams who owns the keys? digiown blasted “anti-user” rules like forced prompts and blocking access to the raw keys. notepad0x90 raged that websites shouldn’t dictate where keys live or snoop on devices. hexo parachuted in with a classic: “No thanks, it stinks.” Meanwhile, shmerl asked the practical question: where are these passkeys actually stored? And flumpcakes loves the idea but hates the chaos: “my browser wants to own the passkeys, my OS wants to own the passkeys,” while hardware keys wait patiently like third wheels. Jokes flew about a Linux custody battle—Browser vs OS vs Hardware Key—and whether syncing passkeys is breaking the rules or saving sanity. The devs promise a roadmap with TPM chips and GNOME/KDE/Flatpak teaming, but the crowd is laser-focused on control, privacy, and the eternal question: are these your keys, or just rented credentials?
Key Points
- •The talk introduces “Credentials for Linux,” aiming to standardize passkey (WebAuthn/FIDO2) support on the Linux desktop.
- •The architecture includes libwebauthn (a Rust FIDO2/U2F library with USB, BLE, and Hybrid support) and credentialsd (a D‑Bus/XDG portal service with a reference UI).
- •Firefox integration is demonstrated via a web extension and a patched Flatpak build, enabling sandboxed browser access to authenticators through credentialsd.
- •Distribution packages are provided via OBS for Fedora and openSUSE, facilitating testing and adoption.
- •The roadmap targets TPM-backed platform authenticators, origin binding, unprivileged browser APIs, and collaboration with GNOME, KDE, Flatpak, password managers, and distributions.