Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add WebAuth / FIDO2 / security key support #3097

Closed
paulschreiber opened this issue Jun 14, 2022 · 4 comments
Closed

Add WebAuth / FIDO2 / security key support #3097

paulschreiber opened this issue Jun 14, 2022 · 4 comments
Labels
feature

Comments

@paulschreiber
Copy link

Is your feature request related to a problem?

Currently, rubygems.org only supports TOTP as a second factor. This is not phishing-resistant.

Describe the solution you'd like

  • Add support for WebAuthn / security keys as a second factor.
  • Ensure users can register multiple keys
  • Ensure users can disable TOTP if desired.

Additional context

Security keys are support by Google, Microsoft, Facebook, Twitter, Dropbox, GitHub, AWS, WordPress.com and others.
@hsbt
Copy link
Member

hsbt commented Jun 14, 2022

Thanks for rising this. Can you discuss this topic on #2792?

@hsbt hsbt closed this as not planned Won't fix, can't repro, duplicate, stale Jun 14, 2022
@paulschreiber
Copy link
Author

Looks like #2108 has work done, but is stale.

@sonalkr132
Copy link
Member

We also tried this with #2865. This one is not as stale. Someone needs to update it and resubmit.

@aellispierce
Copy link
Member

I've reopened #2865 and am working on getting that up to date so we can push forward with WebAuth support

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@hsbt @paulschreiber @sonalkr132 @aellispierce