Consider setting "platform" as authenticator attachment to support local 2fa devices such as fingerprint scanners #177

Closed
svenvandescheur opened this issue Jul 9, 2024 · 0 comments · Fixed by #690
Assignees
Labels
enhancement New feature or request

Comments

@svenvandescheur
Contributor

Currently: TWO_FACTOR_WEBAUTHN_AUTHENTICATOR_ATTACHMENT = "cross-platform" is set to enforce the use of a different physical device as second factor provider. Changing this to "platform" allows the same physical device to negotiate the second factor, e.g. using a built-in fingerprint scanner.

On supported Macs this allows the Touch ID scanner to be used for multi-factor authentication, which may improve the user experience when dealing with such authentication steps. Other platforms may or may not have similar setups, and the (fallback) behavior should be tested if the value is changed.

Pros:

  • Allows easier use of 2FA using tools such as fingerprint scanners.
  • May possibly reduce the risk of losing access to a device providing a second factor.

Cons:

  • The amount of "2fa-ness" is left to the implementation of the platform used by the user.
  • May possibly be (a little) less secure than "cross-platform" as a setting.

Before making any decision I think we should understand the devices the users are working on (do they even provide platform-based 2FA tools?). Is there any policy restricting this choice?

@svenvandescheur svenvandescheur added the discuss Further information is requested label Jul 9, 2024
@svenvandescheur svenvandescheur added enhancement New feature or request and removed discuss Further information is requested labels Feb 13, 2025
@SilviaAmAm SilviaAmAm moved this from Todo to Has Pull Request in Open Archiefbeheer - Sprints Feb 13, 2025
SilviaAmAm added a commit that referenced this issue Feb 17, 2025
@github-project-automation github-project-automation bot moved this from Has Pull Request to Done in Open Archiefbeheer - Sprints Feb 17, 2025
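
The device-capability and fallback questions raised in the issue can be checked in the browser before registration starts. The sketch below is an added example, not code from this project or from the issue author. The function names, the fallback to "cross-platform" and the choice to require user verification for "platform" are assumptions made for illustration.

```javascript
// Added example. resolveAttachment and buildAuthenticatorSelection are
// hypothetical helper names; the fallback policy is an assumption.
const ALLOWED = new Set(["platform", "cross-platform"]);

// `configured` mirrors the server-side attachment setting from the issue.
// `pkc` is the browser's PublicKeyCredential interface, injectable so the
// decision logic can be exercised without a browser.
async function resolveAttachment(configured, pkc = globalThis.PublicKeyCredential) {
  // Reject misspelled or unknown values instead of silently passing them on.
  if (configured != null && !ALLOWED.has(configured)) {
    throw new RangeError(`unknown authenticatorAttachment: ${configured}`);
  }
  if (!pkc) {
    return { supported: false, attachment: null, reason: "WebAuthn unavailable" };
  }
  if (configured !== "platform") {
    return { supported: true, attachment: configured ?? null, reason: "as configured" };
  }
  // "platform" is only usable when the device has a built-in authenticator
  // that can verify the user (fingerprint reader, device PIN, ...).
  let available = false;
  try {
    available =
      typeof pkc.isUserVerifyingPlatformAuthenticatorAvailable === "function" &&
      (await pkc.isUserVerifyingPlatformAuthenticatorAvailable());
  } catch {
    available = false; // treat a failing probe as "not available"
  }
  return available
    ? { supported: true, attachment: "platform", reason: "platform authenticator present" }
    : { supported: true, attachment: "cross-platform", reason: "fallback: no platform authenticator" };
}

// Build the authenticatorSelection member of the WebAuthn creation options.
function buildAuthenticatorSelection(result) {
  if (!result.supported) return null;
  const selection = {
    // With a built-in authenticator the same device handles both steps, so
    // this sketch insists on user verification (assumed policy).
    userVerification: result.attachment === "platform" ? "required" : "preferred",
  };
  if (result.attachment) selection.authenticatorAttachment = result.attachment;
  return selection;
}
```

Logging the `reason` field per registration attempt gives a rough picture of how many users' devices actually offer a platform authenticator.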