This repository has been archived by the owner on Jan 11, 2023. It is now read-only.
Feature request: U2F authentication for Lockwise in Firefox #360
Comments
mxkrn
changed the title
mxkrn
changed the title
|
As far as I've understand the Sync protocol, currently only username and master password (Firefox account credentials) are considered to generate the encryption key. If the login page would also consider U2F, keyfiles etc. that would increase the complexity of the user-given password a lot. So this is not an issue of the Sync protocol but the login page, right? Could it be solved by extensions, as a consequence? |
|
#330 duplicate ? |
|
This is about protecting local logins with 2FA (which would only be pseudo-security) but I assume that issue is about usage on websites. Unfortunately the summary there is unclear. |
True. I didn't know Fido2 was the underlying technology for U2F. Will close this. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
After scouting Bugzilla I came to the conclusion that this would be the best place to address my concerns.
Firefox has done a great job in supporting U2F authentication for websites and web applications via the browser. However, after recently getting a U2F key from Yubikey, I found that there's no option to secure my Lockwise account with U2F, the only security is a master password. This came as a surprise because, as mentioned, Firefox already supports U2F for third-parties. In addition, most password managers support U2F authentication.
So it follows that I was wondering if this is an open topic already? If so, where can I follow any upcoming updates? If this hasn't been addressed yet, consider this as a feature request. I'm generally quite happy with the Lockwise application and would happily continue to use it, especially if I'm able to authenticate with U2F.
The text was updated successfully, but these errors were encountered: