Page 1 of 1

Support for FIDO2 or Webauthn

Posted: Mon Jun 24, 2019 8:31 am
by kyle.depasquale
I currently use Yubikeys for 2-factor authentication for a number of different personal and work online services - including Sonic via their support for authenticator apps. I am hoping though that Sonic could eventually support either FIDO2 or Webauthn for authentication to its member portal - it streamline the authentication process, and would add another optional layer of security for customer member accounts.

I know this probably wouldn't exactly be a high-priority item, but it is something that would be very much appreciated!

Re: Support for FIDO2 or Webauthn

Posted: Thu Sep 05, 2019 4:56 am
by ewhac
I just got a Yubikey 5 NFC. Google has also started selling its own Titan FIDO tokens. So add my vote to the pile.

Re: Support for FIDO2 or Webauthn

Posted: Sun Oct 17, 2021 6:04 pm
by chaiken
I just set up my Yubikey with Github. It would be great to control sonic.net access this way too.

-- Alison Chaiken

Re: Support for FIDO2 or Webauthn

Posted: Sat Jan 08, 2022 11:23 am
by dearscott
I recommend TOTP two factor one-time codes as opt-in. Mobile and desktop apps are readily available for all platforms, a common example being Google Authenticator.

If you support TOTP you allow customers to enable two factor, plus allow support for hardware tokens.

Re: Support for FIDO2 or Webauthn

Posted: Sat Jan 08, 2022 3:11 pm
by chaiken
I'm using Authy, but since I have a FIDO2 key pair, I'd prefer to go that route. FIDO2 keys are essentially trusted platform modules in a different package if I understand correctly, so that's as good security as one can get. In particular, even if someone logged in as me on this machine, they still could not fake the HW key.

-- Alison Chaiken