Add WebAuthn MFA Support

Q1. What is the problem that you are trying to solve?
Support hardware authentication tokens via the WebAuthn (Web Authentication API - Web APIs | MDN) standard rather than proprietary vendor-specific APIs (e.g. Yubico OTP).

Q2 - Who is impacted?
Anyone who uses a hardware authenticator.

Q3 - Why is it important and/or urgent?
Using WebAuthn rather than proprietary vendor-specific APIs allows users to configure any CTAP1.0/2.0 hardware authenticator as an MFA device. This includes YubiKey (currently supported by the proprietary Yubico OTP), and many other keys from different vendors in different price ranges.

Additionally, WebAuthn is verified locally on the Passbolt server, without calling out to an external service (like the Yubico OTP servers), which removes a dependency (improving reliability) and means external HTTPS egress can be blocked (improving security).

Q4 - What is your proposed solution? (optional)
Use the WebAuthn APIs.

2 Likes

Q5. Community support
People can vote for this idea to show traction:

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)

0 voters

I made an account so I could vote for this. WebAuthn is SO important.

6 Likes

Same here, I'm waiting with deployment till WebAuthn is implemented.
Currently using Bitwarden, which supports WebAuthn.

3 Likes