Feature #216
Add phishing-resistant authentication for https://panel.bitfolk.com/
| Status: | New | Start: | 2024-10-13 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assigned to: | - | % Done: | 0% |
| Category: | - | | |
| Target version: | - | | |
| Votes: | 1 | | |
Description
It would be a good thing to have the option of protecting one's https://panel.bitfolk.com/ account using a phishing-resistant form of authentication such as WebAuthn/Passkeys.
In the case of WebAuthn this could either be implemented as a second factor using "plain" WebAuthn or as the primary factor by relying on WebAuthn Discoverable keys. The latter is what has come to be referred to as Passkeys.
This request is somewhat of a follow-up to https://tools.bitfolk.com/redmine/issues/117. While TOTP 2FA offers good protection against weak and reused passwords, it tends to fall short against a modern phishing attack, where the provided TOTP value can be proxied together with the provided password.
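The origin binding that the description contrasts with TOTP, as an added example that is not part of the original issue and is not BitFolk's code: a relying-party check over a simplified WebAuthn assertion, showing where a relayed assertion is rejected. The function names, the look-alike host `panel-bitfolk.example`, the software stand-in for the authenticator and the cut-down authenticatorData layout are assumptions made for this example.

```javascript
// Added example with constructed values; a software key stands in for the authenticator.
const nodeCrypto = require('node:crypto');

const RP_ID = 'panel.bitfolk.com';            // host taken from the issue title
const ORIGIN = 'https://panel.bitfolk.com';
const sha256 = (d) => nodeCrypto.createHash('sha256').update(d).digest();

// Browser + authenticator stand-in. The browser, not the page, writes the origin
// into clientDataJSON; the authenticator signs authData || SHA-256(clientDataJSON).
function makeAssertion(privateKey, pageOrigin, rpId, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin: pageOrigin }));
  // authData (simplified): rpIdHash (32) | flags (1, 0x01 = user present) | signCount (4)
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x01]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: nodeCrypto.sign('sha256', signed, privateKey) };
}

// Relying-party side: every check must pass before the login is accepted.
function verifyAssertion(publicKey, expectedChallenge, a) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad-type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'bad-challenge';
  if (client.origin !== ORIGIN) return 'bad-origin';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'bad-rpid';
  if ((a.authData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return nodeCrypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const challenge = nodeCrypto.randomBytes(32);
  const LOOKALIKE = 'panel-bitfolk.example';  // constructed look-alike host
  const genuine = makeAssertion(privateKey, ORIGIN, RP_ID, challenge);
  // Worst case for the defender: assume the same key answered on the look-alike host.
  // A real authenticator scopes credentials to the RP ID and would hold none for it.
  const relayed = makeAssertion(privateKey, `https://${LOOKALIKE}`, LOOKALIKE, challenge);
  // The relay swaps in the fields it can copy from a genuine exchange.
  const swappedClientData = { ...relayed, clientDataJSON: genuine.clientDataJSON };
  const swappedBoth = { ...swappedClientData, authData: genuine.authData };
  return [genuine, relayed, swappedClientData, swappedBoth]
    .map((a) => verifyAssertion(publicKey, challenge, a));
}

console.log(demo());
```

A TOTP code carries none of these bound fields, so the server cannot tell which site it was typed into.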
History
Updated by halleck 4 months ago
Here's an excellent tour through everything WebAuthn.
https://www.imperialviolet.org/tourofwebauthn/tourofwebauthn.html