Support for FIDO2 or Webauthn

General discussions and other topics.
5 posts Page 1 of 1
by kyle.depasquale » Mon Jun 24, 2019 8:31 am
I currently use Yubikeys for 2-factor authentication for a number of different personal and work online services - including Sonic via their support for authenticator apps. I am hoping though that Sonic could eventually support either FIDO2 or Webauthn for authentication to its member portal - it streamline the authentication process, and would add another optional layer of security for customer member accounts.

I know this probably wouldn't exactly be a high-priority item, but it is something that would be very much appreciated!
by ewhac » Thu Sep 05, 2019 4:56 am
I just got a Yubikey 5 NFC. Google has also started selling its own Titan FIDO tokens. So add my vote to the pile.
by chaiken » Sun Oct 17, 2021 6:04 pm
I just set up my Yubikey with Github. It would be great to control access this way too.

-- Alison Chaiken
by dearscott » Sat Jan 08, 2022 11:23 am
I recommend TOTP two factor one-time codes as opt-in under Account Settings. Mobile and desktop apps are readily available for all platforms, a common example being Google Authenticator.

Hardware token support would be great for passwordless Webauthn. Thanks for considering!
edit: Fido 2 users should be able to add the otp code to their hardware token manually.
by chaiken » Sat Jan 08, 2022 3:11 pm
I'm using Authy, but since I have a FIDO2 key pair, I'd prefer to go that route. FIDO2 keys are essentially trusted platform modules in a different package if I understand correctly, so that's as good security as one can get. In particular, even if someone logged in as me on this machine, they still could not fake the HW key.

-- Alison Chaiken
5 posts Page 1 of 1

Who is online

In total there are 2 users online :: 0 registered, 0 hidden and 2 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: No registered users and 2 guests