Hoping Apple announce something in June. In the UK and North America iOS accounts for ~56% of mobile internet devices, Android accounts for 42%. Really hard for anyone to deploy this at scale until that changes.
I am slotting this for 2.4, very unlikely we will get it done for 2.3 but who knows.
News on this:
Firefox just enabled the older U2F registration method by default for the next release, due to historical raisins in Android. (WebAuthn was already enabled.)
I definitely like this for 2.4, seems like all major browsers are on board except iOS
Is the plan to allow password-less login with webauthn or just second factor?
Ideally both, is what I am thinking.
Update: NFC-based webauthn has just landed in Firefox Beta for Android, if I understand it correctly.
2fa now has a dedicated settings screen:
Looking forward to U2F support, already using it in several other places.
It is going to happen, on the roadmap for Discourse Version 2.4
One thing that I would like to discuss is how we will use webauthn in Discourse. Will it just be an alternative form of 2FA? Or will we be able to use it as an alternate form of login, like a social/mail login (in place of username/password)?
U2F is dead, long live webauthn