Start a new topic

MFA Support

 It would be great if Cohost supported Multifactor Authentication, either with codes or security keys (eg, Yubikeys).

45 people like this idea

Absolutely agree. Bare minimum something like Google Authenticator, with support for Yubikeys being great. Don't use email/text MFA, please.

5 people like this

Yes! Wish I could edit the post to include not SMS/email x.x


3 people like this

definitely; i'd like to be able to use a yubikey or duo push

1 person likes this

I think with the recent push for passwordless auth and its now wider availability, it might also be worth it to consider having the option to forgo passwords entirely and only use a yubikey/passkey/whatever via webauthn. while theoretically it’s more secure to have it be multi-factor, that’s kinda rendered moot a lot of the time if you use a password manager…

I would very much like a TOTP style solution.

internally, jae is a strong advocate for passwordless auth, but I'm a password + TOTP liker.  long term, we'll do at least one of these, maybe both.

7 people like this

Honestly, both are good, so thank you regardless of which you pick!

100%, I agree!! I would encourage this to be supported as a priority goal, especially with so many users considering migrating from Twitter. MFA is a huge deal and necessary in this day & age.

I do also like passwordless auth! Just not "MFA to email/SMS" (except as a fallback).

Just want to add to PromptCritical's comment about also wanting to have a "Via Email" option.

ooh very much would like passkey support

Both application-based One Time Password 2FA (Google/Microsoft Authenticator, iCloud Keychain), and passwordless WebAuthn (Yubikey, FIDO2, iCloud Keychain) would be very welcome. Latter, a W3C standard, would allow not only using physical passkeys, but passwordless authentication using supported devices and browsers (such as Safari), which can provide a secure digital key tied to a device or account. (Amusingly I couldn't find this post so I tried to create a new one, but it seems this one was bumped up the line.) 2FA via SMS should be avoided at nearly all cost, but 2FA via email could be provided as a fallback.

TOTP based two-factor auth is now live!

1 person likes this

very glad to have totp 2fa! i do wonder if changes to 2fa status should be a "send an email about this" action?

1 person likes this
Login or Signup to post a comment