Is your feature request related to a problem? Please describe.
Currently, the Netbird client supports login via website and SSO, which is efficient for administration. However, for the actual client network connection functionality, it lacks support for direct hardware-based authentication methods. This can be a limitation in environments that prioritize physical security measures or use Public Key Infrastructure (PKI) for enhanced access control. Users who rely on hardware keys or PKI cards, such as YubiKeys, Nitrokeys, or smartcards, may find the existing process inconvenient or not aligned with their security protocols.
Describe the solution you'd like
I would like the Netbird client to "natively" (or as well as possible 😉) support hardware-based authentication methods, allowing users to authenticate directly using devices like FIDO2 keys (YubiKey, Nitrokey) or PKI-enabled smart cards.
This feature should be an alternative or addition to the functionality of the "Setup-Keys":
Authentication for connecting: Using the hardware device for login, with an optional PIN requirement for additional security.
Compatibility: Support for a range of devices, including USB, NFC, and Bluetooth-enabled keys, as well as PKI tokens with X.509 certificates.
This would provide a seamless and highly secure login mechanism for the client, reducing reliance on web-based authentication while aligning with hardware-backed security policies.
Describe alternatives you've considered
Custom Scripts: Employing custom scripts to integrate hardware keys indirectly, but this approach lacks native support and requires significant technical knowledge.
Relying on Web SSO: While feasible, web-based authentication does not utilize the potential of hardware security modules, especially in high-security environments.
Additional context
Supporting hardware keys for authentication would align the Netbird client with modern security practices and enhance its usability in enterprise settings. Many security-focused solutions already include such support, and adding this feature would make Netbird a more competitive and secure choice for networking needs.
If needed, I am happy to provide more details or test the feature with various hardware keys and smartcards.