Configuration option whether PIN is requested when using a security key (FIDO) for 2FA #16007

Open
sebastiansIT opened this issue Apr 7, 2021 · 0 comments
Labels
suggestion Feature suggestion

Comments

@sebastiansIT

Consider: Could it be implemented as a 3rd party app using the REST API instead?

I want an option for a central function (login). No, it cannot be implemented as a 3rd party app.

Pitch

I use a Solo Key as a security stick for "Two Factor Authentication" (2FA). This stick has a PIN to secure one of its functions (passwordless login with FIDO2), which is not used on Mastodon. For login into Mastodon I used only the 2FA function (FIDO 1). Currently, the implementation of 2FA in Mastodon asks, in addition to the password (knowledge) and the stick (ownership), for my PIN. For critical systems this additional knowledge is OK, but I recommend allowing the administrators or each individual user to disable the PIN request.

On GitHub and Twitter, the same key can be used as a second factor without entering the PIN.

Alternatively, the PIN request can be switched off completely.

Motivation

Reduces steps when logging in with security keys.
