Yubikey/U2F Key Support


(Nathaniel Suchy) #1

Would the developers of Discourse consider allowing us to use U2F Keys for 2-factor authentication?


(Jeff Atwood) #2

As I understand it, browser support is still too immature to do so. Feel free to cite relevant examples for Safari, Edge, Chrome, and Firefox.


(Sam Saffron) #3

Yes, as far as I know only Chrome adopted this standard. I agree we've got to wait here, or someone can build a plugin.


(Cameron:D) #4

Edge: "The status of FIDO U2F in Microsoft Edge is Not currently planned" (Microsoft Edge Development). Not planned.

Firefox: "Security/CryptoEngineering" (MozillaWiki). Supported in 57.

Safari: "Safari-FIDO-U2F/Safari-FIDO-U2F: FIDO U2F support for Safari" (GitHub). Available via plugin.


(Gerhard Schlager) #5

It should be possible when WebAuthn is supported by major browsers. It’s already part of Firefox 60, will probably be in Chrome 67 and as far as I know it will be added to Edge and Safari in the near future.

https://www.w3.org/2018/04/pressrelease-webauthn-fido2.html.en


(Alex) #6

+1 I’d like to see U2F support as well.

GitLab supports U2F by requiring users who want to leverage it to sign up for 2-factor authentication first… then if the user is unable to log in via a U2F dongle (not accessible, browser lacks support, etc.), they can do the normal Authy/authenticator 2-factor.

U2F dongles are also getting cheap. http://a.co/8Q4C20f


(Mariano Rodriguez) #7

I think the approach of GitLab would be the ideal: if U2F is not available, fall back to the traditional 2FA.

Google is already launching its own U2F key, so that will speed up the adoption and will ensure full support in all Google products.

That would keep Discourse up to date with the latest security measures.

Here is all the info about the adoption FIDO-U2F is getting


(Bhanu Sharma) #8

There are also U2F tools like https://krypt.co which are very handy to use. Integration of U2F in general will be very welcome.


(Sam Saffron) #9

Yes, this is unavoidable at the moment because even the YubiKey NEO does not support U2F on iPhone X despite NFC.

Not against adding this, but there is no rush here.


#10

The reason for that is just that Apple does not allow NFC to do this stuff. So no U2F key supports that…
However, obviously, that is not an argument against implementing this, if just one platform does not properly implement support for that.
And, of course, you should always be able to use another 2FA mode (if configured) as a fallback if you cannot use FIDO U2F/WebAuthn keys (and yes, there are more than YubiKeys).


(Jeff Atwood) #11

https://caniuse.com/#feat=webauthn

Once Edge supports it, then Safari needs to fall in line. Not there yet.