Passkeys are now first-class citizens on Windows, macOS, Android and iOS - but the Linux desktop still has no standard FIDO2 platform APIs for browsers and native apps.

This talk presents Credentials for Linux (github.com/linux-credentials), a cross-desktop effort to bring Passkeys and other credentials to Linux in a way that works for sandboxed apps and browsers alike.

We’ll cover: - Very short refresher on passkeys & platform authenticators: Why WebAuthn/FIDO2 passkeys matter, what platform authenticators are, and how this is solved on Windows Hello, Android and Apple platforms today, and the current state on Linux.
- Architecture of Credentials for Linux - libwebauthn: a Rust FIDO2/U2F platform library with support for USB, BLE and Hybrid authenticators (ie. Android & iOS smartphones), designed with pluggable transports and passkey features such as resident keys and user verification.
- credentialsd: a D-Bus service and proposed XDG portal for credential management, including a reference UI, Firefox integration (web extension + patched Flatpak build) and distro packages via OBS (Fedora/openSUSE).
- What this looks like for apps and browsers: Demo and design walkthrough of a sandboxed Firefox using credentialsd to talk to hardware security keys and phones, and how native applications can use the same D-Bus API.
- Roadmap, open problems and call for collaborators: TPM-backed platform authenticators, origin binding and unprivileged APIs for browsers, and how we’d like to work with GNOME, KDE, Flatpak, password managers and distributions.

The talk is aimed at people interested in identity and access management on the desktop: browser and desktop maintainers, distribution engineers, security practitioners and anyone who wants to help make passkeys a first-class citizen of the Linux platform.