feat(jans-casa): replace Touch Id with PassKey

[shekhar16]

#8676

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Configured Codepaths Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings
Sensitive Files Analyzer	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
AppSec Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The changes in this pull request appear to be focused on improving the user experience and security features related to two-factor authentication (2FA) and credential management in the Jans Casa application. The key changes include updating the terminology to align with Apple's latest branding for their PassKey feature, supporting FIDO2 security keys and built-in platform authenticators like Apple's PassKey for 2FA, requiring users to register a minimum number of credentials before enabling 2FA, and providing robust error handling and password strength validation. These changes demonstrate a security-conscious approach to the application's authentication and credential management functionality.

Files Changed:

• jans-casa/app/src/main/resources/labels/user.properties: This file contains the user interface labels and descriptions related to the 2FA and credential management features in the Jans Casa application. The changes include:
  • Updating the terminology from "Touch ID" to "PassKey" to align with Apple's latest branding.
  • Providing descriptions and instructions for using FIDO2 security keys and built-in platform authenticators like Apple's PassKey for 2FA.
  • Enforcing a minimum credential requirement before users can enable 2FA to prevent them from accidentally locking themselves out of their accounts.
  • Including various error messages and handling for scenarios like credential creation failure, operation cancellation, and unsupported browsers.
  • Incorporating a password strength indicator and validation to encourage users to choose strong passwords.

These changes demonstrate a security-conscious approach to the application's authentication and credential management functionality, which is an important aspect of maintaining the overall security of the Jans Casa application.

Powered by DryRun Security

[mo-auto]

Error: Hi @shekhar16, You did not reference an open issue in your PR. I attempted to create an issue for you.
Please update that issues' title and body and make sure I correctly referenced it in the above PRs body.