Absolutely agree. Bare minimum something like Google Authenticator, with support for Yubikeys being great. Don't use email/text MFA, please.
Yes! Wish I could edit the post to include not SMS/email x.x
definitely; i'd like to be able to use a yubikey or duo push
I think with the recent push for passwordless auth and its now wider availability, it might also be worth it to consider having the option to forgo passwords entirely and only use a yubikey/passkey/whatever via webauthn. while theoretically it’s more secure to have it be multi-factor, that’s kinda rendered moot a lot of the time if you use a password manager…
I would very much like a TOTP style solution.
internally, jae is a strong advocate for passwordless auth, but I'm a password + TOTP liker. long term, we'll do at least one of these, maybe both.
Honestly, both are good, so thank you regardless of which you pick!
I do also like passwordless auth! Just not "MFA to email/SMS" (except as a fallback).
Just want to add to PromptCritical's comment about also wanting to have a "Via Email" option.
ooh very much would like passkey support
TOTP based two-factor auth is now live!
very glad to have totp 2fa! i do wonder if changes to 2fa status should be a "send an email about this" action?
It would be great if Cohost supported Multifactor Authentication, either with codes or security keys (eg, Yubikeys).
43 people like this idea