As a developer I want to log in to my federated services with my security key as a second factor so that authentication with strong authentication without have to type in SMS/OTP/Backup codes when using station.
GIVE US CONTEXT
When I log into Github/Google/etc… accounts and I have set up 2FA with a FIDO U2F or FIDO2 security key then I am prompted to insert and touch the device. I expect the security key to blink and when I tap it for the authentication to complete. Instead, I have to step down to a lower authentication level and type in a code to access my accounts.
I’d like station apps to allow me to log in with my security key with online services that implement the FIDO U2F or FIDO2/WebAuthn open standards.
DESCRIBE THE IMPACT
The main advantages for me are:
- Speed of authentication
- Strong authentication (resistant to man in the middle and phishing attacks)
- Once FIDO2 / WebAuthn sees broad adoption, these services will enable me to login without having to remember a password