[PB-49693] As a user, I would like to be able to register duplicate MFA options to avoid single point of failure lockouts

Q1. What is the problem that you are trying to solve?
I would like the ability to register multiple YubiKeys instead of only one for 2FA. As it stands I can only register one, and only with OTP mode.

I would also like to be able to authenticate using WebAuthn / FIDO2 as a second factor so I can add multiple passkeys (YubiKey, FIDO2 cards, smart cards, phones, etc.).

Q2 - Who is impacted?
How many people are affected by this issue or how many would benefit from this new feature? Is this for everyone or a specific group?

Q3 - Why is it important and/or urgent?
If MFA is enabled and you lose the single YubiKey you can register, you are boned.

Q4 - What is your proposed solution? (optional)
Add the ability to add multiple WebAuthn keys/passkeys and multiple OTP YubiKeys to user accounts.

Q5. Community support
People can vote for this idea to show traction:

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)

As an admin, being able to add more than one security and/or more than one OTPT is critical: normally admins of mission-critical environments have a redundant amount of 2FA/MFA, in order to never be locked out.

There are many reasons for implementing this feature, since you can get locked out by key device malfunction, lack of Internet, loss, etc.

Please add this to your roadmap; it’s low-hanging fruit because you already provide those features, you basically just need to copy-paste your own code :laughing: