Login via WebAuthn or external service (GitHub, GitLab, BitBucket, Slack, …)

[fbender]

In light of the recent security incident [1], I kindly request you to provide login options for users that do not want to rely on simple user-password-authentication (even in addition to 2FA support per #358).

One option is to enable WebAuthn authentication. In addition, I recommend integrating the Login services of external platforms like GitHub, GitLab, BitBucket, Slack (and whatever else is already integrated into the platform). This would have effectively rendered the incident [1] as a lot less severe plus provided you (Docker, Inc.) with a way to prevent any kind of follow-on attack with the knowledge gained from the breach.

[1] https://news.ycombinator.com/item?id=19763413

[snodnipper]

💯 - many folks would love to use WebAuthn / FIDO/U2F hardware devices such as Ledgers and Trezors.

[github-actions]

We are clearing up our old issues and your ticket has been open for one year with no activity. Remove stale label or comment or this will be closed in 15 days.