Multiple 2FA registrations per account #10149
Comments
Assuming that this limitation lies in the "devise-two-factor" project that Mastodon relies on, I filed this feature request over there:
+1
You can use a Yubikey with Mastodon today but it's behind TOTP (I do not know why, it was not my decision, webauthn support was contributed by an outside collaborator).
This feature would be great for shared accounts. We have an account for our Java User Group which is managed by two people. Unfortunately we can't use 2FA now.
I tried to add a second hardware security token, a.k.a. yubikey, to my account; both showed up in the list but only the second one worked and removed authentication from the first.
Google Accounts is doing this "right", offering the added flexibility of accepting multiple 2FA registrations per account, both for TOTP and for U2F/SecurityKeys.
Twitter currently only offers 1 of each per account.
IMO, Mastodon should follow the example of being flexible, with customisable settings to activate/deactivate/reactivate each entry any time.
This will add extra "security" for people to be able to use multiple devices, also for account recovery without needing to contact the site admin/support for assistance.