Hacker News

Don't use passkeys to encrypt user data


16 min read Via blog.timcappalli.me

Mewayz Team

Editorial Team


Passkeys are the most exciting authentication development in years. They eliminate phishing, remove the burden of passwords, and deliver a seamless sign-in experience backed by public-key cryptography. But a dangerous misconception is spreading through the developer community: if passkeys are cryptographic, surely they can also encrypt user data. They can't, and trying to use them that way produces a fragile system that can permanently lock your users out of their own information. Understanding why requires a close look at what passkeys actually are, what encryption requires, and where the two diverge in ways that matter greatly for any platform handling sensitive business data.

Authentication and encryption are different jobs

Authentication answers one question: "Are you who you claim to be?" Encryption answers an entirely different one: "Can this data remain unreadable to everyone except authorized parties?" The two problems share cryptographic primitives, but their engineering requirements differ sharply. Authentication needs to happen once per session, can tolerate occasional failure through graceful fallbacks, and does not need to produce the same output every time. Encryption requires a key that can be reproduced across the entire lifetime of the data, which may be years or decades.

When you authenticate with a passkey, your device produces a cryptographic signature proving that you hold the private key associated with your account. The server verifies this signature and grants access. At no point does the server, or even your application, gain access to the private key itself. This is a feature, not a limitation. The entire security model of passkeys rests on the private key never leaving your device's secure storage. But encryption requires using a key to transform data and later using the same key (or its counterpart) to reverse the transformation. If you cannot reliably access the key, you cannot reliably decrypt.

Platforms like Mewayz that handle sensitive business information (invoices, payroll records, CRM contacts, HR documents across 207 modules) need an encryption strategy built on keys that are durable, recoverable, and consistently accessible. Building that on a foundation designed specifically to prevent key access is an architectural contradiction.

Why passkeys resist being used as encryption keys

The WebAuthn specification, which underpins passkeys, was deliberately designed with constraints that make encryption impractical. Understanding these constraints shows why this is not a gap that a clever engineer can close: it is a fundamental design boundary.

  • No key export: The private key generated during passkey registration is stored in hardware-backed secure storage (TPM, Secure Enclave, or equivalent). Operating system and browser APIs provide no mechanism to extract the key material. You can ask the key to sign something, but you cannot read the key itself.
  • Non-deterministic key generation: Creating a passkey for the same user on a different device produces a completely different key pair. There is no seed phrase, no derivation path, no way to reconstruct the same key on another device. Each registration is cryptographically independent.
  • Device-bound availability: Even with passkey sync (iCloud Keychain, Google Password Manager), availability depends on ecosystem participation. A user who registers on an iPhone and switches to Android may lose access. A user whose device is lost, stolen, or factory-reset faces the same problem.
  • Challenge-response only: The WebAuthn API exposes navigator.credentials.get(), which returns a signed assertion, not key material. You get a signature over a server-supplied challenge: useful for proving identity, useless for obtaining an encryption key.
  • No algorithm flexibility: Passkeys typically use ECDSA with the P-256 curve. Even if you could access the key, ECDSA is a signature algorithm, not an encryption algorithm. You would need additional operations (ECDH key agreement, KDF derivation) that the API does not support in this context.

Some developers have proposed workarounds, such as using the PRF (Pseudo-Random Function) extension to WebAuthn to derive a symmetric key during authentication. Although this extension exists in the specification, browser support remains inconsistent, it is unavailable on many mobile platforms, and it still inherits the device-binding problem. A key derived via PRF on one device cannot be reproduced on another device with a different passkey, even for the same user account.
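The constraints listed above can be seen in a small Node.js model. This is an added example, not code from the original article: `registerSigningPasskey` and `keyFromSignature` are hypothetical names, and the closure only stands in for an authenticator rather than calling the WebAuthn API.

```javascript
const nodeCrypto = require('node:crypto');

// Simplified stand-in for an authenticator (assumption, not the WebAuthn API):
// the P-256 private key stays inside the closure, callers only get signatures.
function registerSigningPasskey() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // P-256
  return {
    publicKeyDer: publicKey.export({ type: 'spki', format: 'der' }),
    sign: (challenge) => nodeCrypto.sign('sha256', challenge, privateKey),
    verify: (challenge, sig) => nodeCrypto.verify('sha256', challenge, publicKey, sig),
  };
}

// Anti-pattern under test: hashing an assertion signature into a "key".
function keyFromSignature(signature) {
  return nodeCrypto.createHash('sha256').update(signature).digest();
}

function signatureDemo() {
  const phone = registerSigningPasskey();
  const laptop = registerSigningPasskey(); // same user, second device
  // A real server issues a fresh challenge each time; it is fixed here to
  // show that even identical input does not give a repeatable output.
  const challenge = Buffer.from('constructed-challenge');
  const sig1 = phone.sign(challenge);
  const sig2 = phone.sign(challenge);
  return {
    bothVerify: phone.verify(challenge, sig1) && phone.verify(challenge, sig2),
    derivedKeysMatch: keyFromSignature(sig1).equals(keyFromSignature(sig2)),
    devicesShareKey: phone.publicKeyDer.equals(laptop.publicKeyDer),
  };
}

console.log(signatureDemo());
```

Both signatures prove identity, yet a key hashed from one cannot be reproduced from the other, and the second registration shares nothing with the first.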

The data-loss scenario nobody wants to ship

Consider what happens when you encrypt user data with a key derived from their passkey. Everything works fine on day one. The user signs in, the key is derived, and data is encrypted and decrypted without trouble. Three months later, their phone falls into a lake.

With traditional authentication, losing a device is an inconvenience. The user recovers their account via email, sets up a new credential, and carries on working. But if their data was encrypted with a key locked inside the secure storage of the now-submerged device, that data is gone. Not "hard to recover" gone: cryptographically irreversible gone. No customer support ticket, no account recovery flow, no executive escalation can change the math. The data is effectively erased.

The cardinal rule of encryption system design: if your key management strategy has a single point of failure that permanently destroys access to user data, you have not built a security feature; you have built a data-deletion mechanism with extra steps.

For businesses operating on the platform (managing 50 customer relationships in the CRM, processing monthly payroll for 30 employees, tracking a fleet of vehicles), permanent data loss from a dropped phone is not a minor UX issue. It is a business-continuity disaster. This is precisely why the Mewayz architecture separates authentication mechanisms from data protection, ensuring that no single device failure can destroy access to critical business information across any of its integrated modules.

What you should use instead

The good news is that well-established patterns exist for encrypting user data without falling into the passkey trap. These approaches are battle-tested, well supported, and designed specifically for the encryption use case.

Server-side encryption with managed keys remains the best option for most applications. Your platform encrypts data at rest using keys managed by a proper key management service (KMS): AWS KMS, Google Cloud KMS, HashiCorp Vault, or equivalent. The user authenticates (with a passkey, if you like!) and the server handles encryption and decryption transparently. This is how most SaaS platforms protect data, and it works because the keys are durable, backed up, rotatable, and independent of any user device.

Password-derived encryption keys (using Argon2id or scrypt for key derivation) are suitable when you need true zero-knowledge encryption, where even the server cannot read user data. The tradeoff is that losing the password means losing the data, but passwords can be memorized, written down, and stored in password managers; they are not locked inside hardware. Services such as 1Password and Standard Notes use this approach successfully.

  1. Use a passkey (or any strong method) for authentication: verifying the user's identity.
  2. After authentication, derive or retrieve the encryption key from a purpose-built key management system.
  3. Implement an escrow or recovery mechanism: recovery keys, multi-device key sync, or organizational key custody for business accounts.
  4. Encrypt data at rest and in transit using AES-256-GCM or XChaCha20-Poly1305 with keys from your KMS.
  5. Rotate keys periodically and maintain encrypted key backups that survive any single point of failure.

This separation of concerns is not just best practice: it is the only architecture that lets you upgrade your authentication mechanism independently of your encryption strategy. When passkeys eventually evolve or are replaced by something better, your encrypted data remains fully accessible.

The PRF extension: promise and pitfalls

Developers who follow the WebAuthn specification closely may point to the prf extension as a potential bridge between passkeys and encryption. The extension lets relying parties request a pseudo-random value derived from the passkey's secret during an authentication ceremony. In theory, this value could serve as an encryption key or seed.

In practice, the PRF extension faces significant adoption barriers. As of early 2026, support varies across browsers and platforms. Safari's implementation differs from Chrome's. Many Android devices do not support it at all. Hardware security keys have inconsistent support. For any platform serving a diverse user base (and Mewayz serves 138,000+ users across every operating system and device type), building encryption on a feature with this kind of availability is not workable.

More fundamentally, PRF does not solve the multi-device problem. The pseudo-random output is derived from a specific passkey on a specific device. A user who registers passkeys on both their laptop and their phone gets two different PRF outputs for the same account. You would need to encrypt data with a key derived on one device and then re-encrypt or share that key with the other device, which brings you straight back to building a proper key management system. At that point, the passkey-derived key adds complexity without adding security.
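The multi-device failure described here, next to the envelope pattern from the numbered list in the previous section (steps 2, 4 and 5), as an added Node.js example that is not code from the original article or from Mewayz. Assumptions: the PRF is modelled as HMAC-SHA-256 over a per-registration secret, and `makeKms` is a hypothetical in-memory stand-in for a managed KMS.

```javascript
const nodeCrypto = require('node:crypto');

// AES-256-GCM helpers; blob layout is iv (12) || tag (16) || ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key
}
// Assumed model of a PRF-capable passkey: a per-registration secret that never
// leaves the "device"; the PRF output is HMAC-SHA-256(secret, salt).
function registerPrfPasskey() {
  const secret = nodeCrypto.randomBytes(32);
  return { prf: (salt) => nodeCrypto.createHmac('sha256', secret).update(salt).digest() };
}
// Hypothetical stand-in for a managed KMS holding the key-encryption key (KEK).
function makeKms() {
  let kek = nodeCrypto.randomBytes(32);
  return {
    wrap: (dek) => seal(kek, dek),
    unwrap: (wrapped) => unseal(kek, wrapped),
    rotate(wrapped) { // new KEK, re-wrap the DEK; stored data is untouched
      const dek = unseal(kek, wrapped);
      kek = nodeCrypto.randomBytes(32);
      return seal(kek, dek);
    },
  };
}

function envelopeDemo() {
  const salt = Buffer.from('app-encryption-v1'); // constructed PRF input
  const record = Buffer.from('payroll: constructed sample record');
  const laptop = registerPrfPasskey(), phone = registerPrfPasskey();
  // Anti-pattern: data encrypted directly under the laptop's PRF output.
  const prfBlob = seal(laptop.prf(salt), record);
  let phoneCanRead = true;
  try { unseal(phone.prf(salt), prfBlob); } catch { phoneCanRead = false; }
  // Envelope pattern: a random DEK encrypts the data, the KMS wraps the DEK.
  const kms = makeKms(), dek = nodeCrypto.randomBytes(32);
  const dataBlob = seal(dek, record);
  const wrappedDek = kms.rotate(kms.wrap(dek));
  const recovered = unseal(kms.unwrap(wrappedDek), dataBlob).toString();
  return { prfOutputsMatch: laptop.prf(salt).equals(phone.prf(salt)), phoneCanRead, recovered };
}
console.log(envelopeDemo());
```

The record sealed under the laptop's PRF output is unreadable from the phone, while the envelope-encrypted copy survives a KEK rotation and never depends on which device the user signed in with.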

Lessons for builders: use the right tool for the right layer

The temptation to use passkeys for encryption comes from a good instinct: developers want to deploy strong cryptography and reduce the number of secrets users must manage. But security engineering is fundamentally about using the right primitive at the right layer. A lock and a safe both protect valuables, but you would not install a deadbolt in a drawer or try to carry a safe in your pocket.

Passkeys excel at the purpose they were built for. They have reduced phishing-related account takeovers by as much as 99.9% in Google's internal deployment. They eliminate credential stuffing attacks entirely. They deliver a sign-in experience that is at once more secure and more pleasant than passwords. That is a huge achievement, and it is enough. Asking passkeys to also solve encryption is like asking your firewall to also be your backup system: it misunderstands the tool.

When you build a platform that handles sensitive business operations, the architecture should reflect clear boundaries. Authentication verifies identity. Authorization determines access. Encryption protects data at rest and in transit. Key management keeps encryption keys alive through device loss, staff changes, and infrastructure changes. Each layer has purpose-built tools, and mixing them creates weaknesses that surface at the worst possible moment: when a user most needs access to their data and cannot get it.

Getting security right without overdoing it

For most SaaS applications and business platforms, the practical recommendation is straightforward: enthusiastically adopt passkeys for authentication, and handle encryption entirely server-side with a managed KMS. This gives your users the best sign-in experience available today while protecting their data with infrastructure designed for durability and recovery.

If your threat model genuinely requires end-to-end encryption where the server cannot access plaintext data, invest in a proper client-side encryption architecture with password-derived keys, recovery codes, and organizational key escrow, not a passkey-derived shortcut. The engineering investment is substantial, but the alternative is shipping a system that will eventually destroy someone's data beyond recovery.

Security decisions compound over time. A shortcut taken today becomes a migration nightmare three years on, when the underlying feature changes, the device ecosystem changes its sync policy, or a browser drops an extension. Building on the right abstractions from the start (authentication as authentication, encryption as encryption, each with its own lifecycle) is the foundation that lets a platform scale to hundreds of thousands of users without time bombs buried in the cryptographic plumbing.

Frequently asked questions

Why can't passkeys be used to encrypt user data?

Passkeys are designed solely for authentication, not encryption. They rely on public-key cryptography to verify your identity at sign-in, but the private key never leaves your device and is not accessible to applications. Encryption requires a stable, reproducible key that can consistently decrypt data over time. Passkeys lack this capability by design, which makes them unsuitable for protecting stored user information.

What happens if you try to use a passkey to encrypt data?

You risk building a fragile system in which users are permanently locked out of their own data. Passkeys can be revoked, rotated, or replaced across devices without warning. If encrypted data is tied to a single passkey that is deleted or updated, there is no recovery path. This creates a serious data-loss scenario that no amount of engineering effort can reliably prevent.

What should developers use instead of passkeys for encryption?

Developers should use purpose-built encryption tools such as AES-256 with proper key management, envelope encryption, or established libraries like libsodium. Keep authentication and encryption as separate concerns. Use passkeys for what they do best (passwordless sign-in) and use dedicated encryption keys, managed through secure key derivation and storage systems, to protect sensitive user data.

How does Mewayz handle authentication and data protection for businesses?

Mewayz offers a 207-module business OS starting at $19/mo that separates authentication from data protection using industry best practices. Rather than misusing passkeys, the platform at app.mewayz.com implements proper encryption layers alongside secure sign-in methods, so businesses can protect customer data reliably without the lockout risk that comes from coupling authentication with encryption.
