internally, jae is a strong advocate for passwordless auth, but I'm a password + TOTP liker. long term, we'll do at least one of these, maybe both.
Absolutely agree. Bare minimum something like Google Authenticator, with support for Yubikeys being great. Don't use email/text MFA, please.
Yes! Wish I could edit the post to include not SMS/email x.x
TOTP-based two-factor auth is now live!
very glad to have totp 2fa! i do wonder if changes to 2fa status should be a "send an email about this" action?
definitely; i'd like to be able to use a yubikey or duo push
I do also like passwordless auth! Just not "MFA to email/SMS" (except as a fallback).
ooh very much would like passkey support
Just want to add to PromptCritical's comment about also wanting to have a "Via Email" option.
Passkeys are getting a lot of traction. I can now use them for everything from my Bank to my Pharmacy and even my PlayStation console. I don't think I'll ever get my family into using physical security keys, but the Passkey integration into Android, iOS and Windows is really slick. I have my fingers crossed.
I would very much like a TOTP-style solution.
I think with the recent push for passwordless auth and its now wider availability, it might also be worth it to consider having the option to forgo passwords entirely and only use a yubikey/passkey/whatever via webauthn. while theoretically it’s more secure to have it be multi-factor, that’s kinda rendered moot a lot of the time if you use a password manager…
purpleraccoon
It would be great if Cohost supported Multifactor Authentication, either with codes or security keys (e.g., Yubikeys).
45 people like this idea