Account Login using Public Key

Feature
1

Discourse Login No username, no email, no password.
Public keys do not require a password.
Since 2FA must be maintained on both the app and the website, it can prevent bot registration and avoid forgetting the public key.

Sign Up —> Generate Public key —> Bind 2FA TOTP

2FA is your password, 2FA as the first factor.

Login using public key+2FA.

Generate Public key
k41d9dfe789b8881c165e50f035aad1f286f88f2b33d97d10c198a4df37ae16f756f8a6b3520f2899eb19c321ef357e3fccaf6af627527c10b7cce9af7be4dc9

What do I need

I have registered more than 10 Discourse forums on Win10 browser and Android, such as F-droid, etc.

But I have forgotten my username and password, and my mail has been banned by the mail provider.

2

What benefit would this provide over the Passkey standard?

1 Like
3

Passkey No one uses it, it is not conducive to backup and recovery,
Passkey is not universal, and is overly dependent on the browser.

4

Everyone I know uses it.

Wait… what :flushed:

What am I missing this time?

1 Like
5

Passkey You must have an email to log in to enable it.
If I don’t forget my password, and my email has been banned by the operator. How can I log in!

Public key + 2FA can solve this problem very well. You must bind 2FA during the registration process.

Public key is the username

6

You’ll need to get a good handle on terminology and a clear design to propose anything concrete.

For instance, by “2FA” you probably mean “TOTP”?

And “username is public key” leaves a ton to be interpreted.

In the meanwhile, you could POC your proposed scheme by implementing it as a DiscourseConnect (or SAML or oAuth…) provider.

Also, in what scenario does this proposal make things better for the end user?

1 Like
7

No, it is not.

But the real issue is that:

Don’t use spam-accounts. That is the real reason. But in situation like that you should try to connect the admin and explain that. Or create new account and try to get those connected.

2 Likes
8

Just throwing my 2 cents in here, I use passkeys:

A list showing the date and time when passkeys were added and last used, along with their cross checks, and the types of passkeys such as Yubikey A and Yubikey C are also included in the list. (Captioned by AI)
A list showing the date and time when passkeys were added and last used, along with their cross checks, and the types of passkeys such as Yubikey A and Yubikey C are also included in the list. (Captioned by AI)469×290 5.84 KB

All major browsers support passkeys AFAIK?

2 Likes