Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Extend 2FA with WebAuthn support #698

Open
peterthomassen opened this issue Mar 7, 2023 · 5 comments
Open

Extend 2FA with WebAuthn support #698

peterthomassen opened this issue Mar 7, 2023 · 5 comments

Comments

@peterthomassen
Copy link
Member

#316 (comment)

@peterthomassen
Copy link
Member Author

@peterthomassen
Copy link
Member Author

@fm
Copy link

fm commented Aug 26, 2024

Would this extend to a completely passwordless login with passkeys as well?

@peterthomassen
Copy link
Member Author

Would this extend to a completely passwordless login with passkeys as well?

In general, why not! But: #316 (comment) has a concern about this, namely the complexity of having to deal with attestation / PKI stuff. I'm not too familiar with that stuff (yet). If you know more, can you share what you think about this?

@emilazy
Copy link

emilazy commented Sep 5, 2024

I would generally say that the quality of the authenticators people use for their own accounts is more or less their own business and that there’s therefore no need to pull attestation into the mix just to implement WebAuthn fully. It’s no different from choosing to leave your API keys unprotected.

Attestation is usually used by e.g. corporate environments or banks or whatever that want to enforce strict policies around what’s used for authentication.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants