Categories
Tips

Discourse test

This is a test post to verify integration with the Discourse forum.


Passwords are DEAD, Let’s meet Passkeys and our new State of Software Supply Chain Security Survey 

Let’s get real. It’s a pain generating unique, long alphanumeric passwords and setting up two-factor authentication for every web or app service we use today, so we often end up reusing the same old password (the one we can remember) across services and skipping 2FA whenever it isn’t enforced. Even if you use a password manager to generate and auto-fill state-of-the-art strong passwords, you’re still vulnerable to attacks like phishing, where a website looks identical to the one you are trying to access but is in reality a fraudulent copy, built to capture your password the moment you enter it.

Using two-factor authentication helps in this situation. Still, it involves either SMS-based OTPs or authenticator apps like Authy or Google Authenticator for TOTPs, which require cellular connectivity or the installation of additional apps. Not to mention, if you lose access to your password manager, it will be a nightmare.

Enter Passkey 

Passkey is a new passwordless authentication standard from the FIDO Alliance that aims to replace passwords and 2FA, providing a faster, easier and more secure authentication process.

Passkeys are built on public-key cryptography: a public/private key pair is generated for each web or app service you use. The public key is stored on the server of the service you want to use, and the private key is kept securely on your local device, e.g. your smartphone. Every modern smartphone processor has a Secure Element (or a similar hardware-backed keystore) that generates and stores these passkeys, which means not even you can read or directly export your private key.

Whenever you want to authenticate to a service, the server sends a fresh random challenge to your device. Your device signs that challenge with the private key after you approve with your device PIN, fingerprint or Face ID, and the server verifies the signature with the public key it stored for you. Once the signature checks out you’re logged in, meaning you don’t have to enter any password or OTPs, saving you from prying eyes while entering your passwords in coffee shops. The private key never leaves your device, you don’t need to remember anything, and it’s phishing-proof since a passkey is bound to the genuine site’s domain, so a look-alike phishing site can’t get a valid signature out of it 😉

So, to actually hack you, the hacker will require your device plus your fingerprint or Face ID, and I don’t wanna imagine that scenario anyway.

Passkey in Action

Every service you sign up to gets its own unique passkey, which can be synced across all your devices through your ecosystem’s cloud sync, e.g. iCloud, or the password manager provided by your browser. You can also share your passkeys with the devices and people you choose. Hardware keys like YubiKeys can also be used to generate and store passkeys. If you’re on a desktop, you can still use your mobile device for passkey authentication: the service shows a QR code while you’re logging in, you scan it with your phone and complete the passkey authentication there.

For businesses, it saves the cost of the OTP services you provide for your users, and it’s pretty easy to add passkey support to your web or mobile applications using the existing authentication APIs offered on all major platforms – iOS, Android, Chrome, etc.

To start with Passkeys, look at the services already supporting it at https://www.passkeys.io/who-supports-passkeys and join the Passwordless train.

Take the survey

Participate in our ongoing survey and share your thoughts to help us and our partners build a secure experience for you!


Headless Raspberry Pi Setup – WiFi and SSH

Setting up a new Raspberry Pi board can be daunting without a monitor and keyboard. Once you flash a new image of the operating system – Raspberry Pi OS or similar – the next obvious step is to boot the Pi, log in to it and access the terminal over SSH. But for a headless setup, i.e. without a monitor and keyboard, it’s not that straightforward. The same goes if you’re using a Lite image of the OS (without a desktop environment). For SSH to work, you first need to get your board onto your home network, and even if you manage to create an ad-hoc network between your Pi and your workstation, SSH is disabled by default for security reasons.


There are two simple ways to sort this out, and we’ll look into them one by one.

#1 The Simple Way: Using the official Raspberry Pi Imager

Raspberry Pi’s official flashing utility, Raspberry Pi Imager, can be downloaded from the Raspberry Pi website. This tool lets you pick the OS image you want to flash. It also has a settings page where you can enable SSH and add the SSID and password of your home WiFi network. All this information is baked into the OS image during the SD card flashing process.

#2 The Ninja Way: Underneath the hood 

While the Raspberry Pi Imager way is pretty straightforward, for the ninja user it’s important to understand how this all works under the hood. The job of the flashing program is to partition your SD card into two segments – BOOT and the root file system (rootfs) of the Raspberry Pi. This is how Linux distributions are typically stored.

The boot partition holds all the essential files used during the boot process, including the bootloader, and the rootfs partition holds the primary filesystem of the Linux operating system. Now let’s add the settings for our WiFi connection and enable SSH on the Raspberry Pi board the ninja way.

Once you have flashed the new operating system, the SD card is usually auto-ejected, so re-insert it and you should see a partition named BOOT mounted on your system. Create a new file in the root folder of the boot partition with the exact name wpa_supplicant.conf and, using your favourite text editor or the terminal, fill it with your WiFi network settings (SSID and password).

This information is used by wpa_supplicant, the utility that Linux distributions like Debian use to connect to WiFi networks. After the boot completes, it will scan for nearby WiFi networks and connect to the SSID you supplied using the password you supplied.

Don’t worry too much about supplying your password in plain text: after the first boot this file is removed from the boot partition automatically (its settings are moved into the system’s wpa_supplicant configuration on the rootfs). If you’d rather not keep the passphrase itself on the card at all, wpa_supplicant also accepts the derived PSK in place of the plaintext password.

Now, to enable SSH, which is disabled by default for security, just create a new empty file named ssh in the root directory of the boot partition. You can create this empty file from the terminal or with your file manager.

And that’s it: your Raspberry Pi will connect to your WiFi network and be ready to accept incoming SSH connection requests, and all this is done without ever connecting your board to a monitor and keyboard – headless.

To test your SSH connection from your workstation, open a terminal, run ssh with the Pi’s username and its hostname or IP address on your network, and you shall be logged in.

Found this tutorial interesting? Read more about the latest trends in embedded system development in our previous blog here and take your embedded projects to IoT using MQTT via this blog here.