2FA does not work / login to apps with multiple factors authentication / SSO (Security Keys, FIDO, Kerberos, Okta, DUO, etc.)


(Luke Walker) #1

SUMMARY

As a developer I want to log in to my federated services with my security key as a second factor so that authentication with strong authentication without have to type in SMS/OTP/Backup codes when using station.

GIVE US CONTEXT

When I log into Github/Google/etc… accounts and I have set up 2FA with a FIDO U2F or FIDO2 security key then I am prompted to insert and touch the device. I expect the security key to blink and when I tap it for the authentication to complete. Instead, I have to step down to a lower authentication level and type in a code to access my accounts.

PROVIDE DETAILS

I’d like station apps to allow me to log in with my security key with online services that implement the FIDO U2F or FIDO2/WebAuthn open standards.




DESCRIBE THE IMPACT

The main advantages for me are:

  • Speed of authentication
  • Strong authentication (resistant to man in the middle and phishing attacks)
  • Once FIDO2 / WebAuthn sees broad adoption, these services will enable me to login without having to remember a password

Browser cookies disabled preventing SSO for new gmail account
Kerberos Unsupporte
Enable 2 step verification on these forums
Unable to Login to Outlook - need OKTA support
(Arun Sathiya) #2

Discourse now supports 2 step verification (2FA). Can you enable this on here on these forums, please? Thank you! :slightly_smiling_face:


(Luiz Henrique De Sousa Ribas) #3

:writing_hand: Brief description of the issue

Hi, I am trying to promote a login to my account using the gmail but my account need to redirect for a kerberos authentication and I receive a popup with the title “Kerberos Unsupported”.


:warning: Mandatory details

  • :gun: Trigger

  • :boom: Issue

  • :movie_camera: Explanatory gifs/pictures

  • :desktop_computer: OS version

  • :gear: Station version


(Matt Muchowski) #5

I’m using Station on Ubuntu, and it seems really cool, but I’m not able to login to my work’s outlook account. We use OKTA and DUO to verify users, so not sure if there is something I need to do or if Station isn’t set up to handle that.

Matt