公開鍵を使用したアカウントログイン

特徴
1

Discourse Login No username, no email, no password.
Public keys do not require a password.
Since 2FA must be maintained on both the app and the website, it can prevent bot registration and avoid forgetting the public key.

Sign Up —> Generate Public key —> Bind 2FA TOTP

2FA is your password, 2FA as the first factor.

Login using public key+2FA.

Generate Public key
k41d9dfe789b8881c165e50f035aad1f286f88f2b33d97d10c198a4df37ae16f756f8a6b3520f2899eb19c321ef357e3fccaf6af627527c10b7cce9af7be4dc9

What do I need

I have registered more than 10 Discourse forums on Win10 browser and Android, such as F-droid, etc.

But I have forgotten my username and password, and my mail has been banned by the mail provider.

2

What benefit would this provide over the Passkey standard?

「いいね!」 1
3

Passkey No one uses it, it is not conducive to backup and recovery,
Passkey is not universal, and is overly dependent on the browser.

4

Everyone I know uses it.

Wait… what :flushed:

What am I missing this time?

「いいね!」 1
5

Passkey You must have an email to log in to enable it.
If I don’t forget my password, and my email has been banned by the operator. How can I log in!

Public key + 2FA can solve this problem very well. You must bind 2FA during the registration process.

Public key is the username

6

You’ll need to get a good handle on terminology and a clear design to propose anything concrete.

For instance, by “2FA” you probably mean “TOTP”?

And “username is public key” leaves a ton to be interpreted.

In the meanwhile, you could POC your proposed scheme by implementing it as a DiscourseConnect (or SAML or oAuth…) provider.

Also, in what scenario does this proposal make things better for the end user?

「いいね!」 1
7

No, it is not.

But the real issue is that:

Don’t use spam-accounts. That is the real reason. But in situation like that you should try to connect the admin and explain that. Or create new account and try to get those connected.

「いいね!」 2
8

Just throwing my 2 cents in here, I use passkeys:

A list showing the date and time when passkeys were added and last used, along with their cross checks, and the types of passkeys such as Yubikey A and Yubikey C are also included in the list. (Captioned by AI)
A list showing the date and time when passkeys were added and last used, along with their cross checks, and the types of passkeys such as Yubikey A and Yubikey C are also included in the list. (Captioned by AI)469×290 5.84 KB

All major browsers support passkeys AFAIK?

「いいね!」 2