Support Passkey / other 2FA methods #181
Comments
One comment on the Passkey implementation. It would be handy to allow adding multiple passkeys to an account. For example, I use 1Password, Mac OS Keychain, and Google Password Manager on various devices. Though I try to use 1Password exclusively, having backup Passkeys in the keychain and Google would give me extra confidence my account is secure but that I won't ever lose access either. Therefore, I'd appreciate being able to add multiple Passkeys to my account. To distinguish them, recording a unique name supplied by the user as well as the date added would be helpful.
Separately, I've noticed that some sites require you to enter your email, then only prompt for the passkey when the user clicks on the password input. Technically, the passkey includes all relevant information (email, handle, etc.) so it would be ok to prompt for a passkey when the user clicks on the email/handle field, or even when the login page is first displayed. I'd be curious to know if others have feelings on this, as prompting too early could annoy users that haven't yet set up passkeys. It doesn't seem like norms or best practices for this have fully developed yet, so it would be worthwhile considering what other popular Passkey consumers do.
Perhaps Eiji Kitamura, agektmr on GH but not mentionable here, agektmr.com on Bluesky https://bsky.app/profile/agektmr.com, has thoughts about when/how to prompt, or could illuminate other implementation puzzles, given this great article https://web.dev/articles/passkey-registration. Ricky Mondello, rmondello on GH but not mentionable here, rmondello.com on Bluesky https://bsky.app/profile/rmondello.com, another bona fide passkeys and autofill expert, may be willing to share thoughts as well. They:
https://rmondello.com/2023/12/28/changes/
Getting the Bluesky passkey implementation right the first time is super important and may be many people’s first passkey experience that shapes their lifetime habits. I mentioned Eiji and Ricky in a Bluesky post pointing to this issue https://bsky.app/profile/famebot.bsky.social/post/3ldlrulh7wk26
Thank you for calling me out. Happy to provide consultancy to implement passkeys because I love Bluesky! https://passkeys-demo.appspot.com/ is likely a handy demo you can learn from. You can find a link to the source code from the top right corner. https://developers.google.com/codelabs/passkey-form-autofill#0 is a bit outdated but a good starting point to learn how to implement passkeys. You can learn more tips, server-side guides, and UX guides from here: https://developers.google.com/identity/passkeys/ See the left-hand navigation carefully. Hope this helps.
Related to bluesky-social/social-app#1071; this issue is a feature request for relevant backend implementation.
Other relevant discussion: #99 (comment)
Is your feature request related to a problem? Please describe.
2-factor authentication is generally a very handy feature for security purposes as passwords and logins sometimes fail. 2-factor authentication has become a very common addition to the login suite for protection.
Describe the solution you'd like
Implementation and support of some kind of 2FA support for accounts, besides email
For example:
Describe alternatives you've considered
While better than SMS, email is still relatively insecure when compared to other authentication measures.