2FA does not work / login to apps with multiple factors authentication / SSO (Security Keys, FIDO, Kerberos, Okta, DUO, etc.)

SUMMARY

As a developer I want to log in to my federated services with my security key as a second factor so that authentication with strong authentication without have to type in SMS/OTP/Backup codes when using station.

GIVE US CONTEXT

When I log into Github/Google/etc… accounts and I have set up 2FA with a FIDO U2F or FIDO2 security key then I am prompted to insert and touch the device. I expect the security key to blink and when I tap it for the authentication to complete. Instead, I have to step down to a lower authentication level and type in a code to access my accounts.

PROVIDE DETAILS

I’d like station apps to allow me to log in with my security key with online services that implement the FIDO U2F or FIDO2/WebAuthn open standards.




https://fidoalliance.org/download/

DESCRIBE THE IMPACT

The main advantages for me are:

  • Speed of authentication
  • Strong authentication (resistant to man in the middle and phishing attacks)
  • Once FIDO2 / WebAuthn sees broad adoption, these services will enable me to login without having to remember a password

Discourse now supports 2 step verification (2FA). Can you enable this on here on these forums, please? Thank you! :slightly_smiling_face:

:writing_hand: Brief description of the issue

Hi, I am trying to promote a login to my account using the gmail but my account need to redirect for a kerberos authentication and I receive a popup with the title “Kerberos Unsupported”.


:warning: Mandatory details

  • :gun: Trigger

  • :boom: Issue

  • :movie_camera: Explanatory gifs/pictures

  • :desktop_computer: OS version

  • :gear: Station version

I’m using Station on Ubuntu, and it seems really cool, but I’m not able to login to my work’s outlook account. We use OKTA and DUO to verify users, so not sure if there is something I need to do or if Station isn’t set up to handle that.

Matt

This is the sort of feature that is literally a deal-breaker: I can’t use any of my Google services with Station without security key support.

This is a problem for me when I try to log into my Univ of Michigan google mail account. It normally redirects to our SSO system, then a DUO prompt. But after I authenticate, the DUO prompt does not appear/occur.

As a user of Google’s Advanced Protection program, I can’t use my Google account at all in Station because the version of Electron is too old or unsupported for FIDO U2F. Could a beta version of Station built on Electron 4 or 5 be released?

Update: Just to be clear, Electron 4 has FIDO U2F support IIRC.

Same issue here, I cannot log in at all in my Google account for the lack of support of 2FA FIDO token.

:writing_hand: Brief description of the issue

I am trying to login to my work Google account, which uses Duo Security for 2 factor authentication. After entering my credentials, it gets stuck at the “Two-Factor Authentication Required” screen because the widget that send a push notification or my phone (or texts me, etc.) never loads. How can I get this working?


:warning: Mandatory details

  • :desktop_computer: OS version — macOS 10.14.4

  • :gear: Station version — 1.39.2

I use 2fa everywhere.
I do not have a single account without fido2 physical key based 2fa.
I am using Slack,Asana and google apps.
Can you please help?