standardnotes / forum

Support from other community members. For 1-on-1 help, please contact help@standardnotes.com.
https://forum.standardnotes.org

Allow TOTP as 2FA alternative if hardware security key can't be used #3743

Open taivlam opened 1 month ago

taivlam commented 1 month ago

Describe the bug

From a UX perspective, a user will be prevented from proceeding with logging into their account if they use hardware security keys to log into their accounts but (for whatever reason) cannot get Android to detect a valid hardware security key.

To Reproduce

Steps to reproduce the behavior:

  1. Add at least 1 security key to your Standard Notes account from the web app.
  2. Sign into your Standard Notes app on Android.
  3. The hardware security key prompt screen appears.
  4. See error.

Expected behavior

There should be a UX fallback option to TOTP authentication, in case the default 2FA method of hardware security keys cannot work for whatever reason.

Screenshots

If applicable, add screenshots to help explain your problem.

Screenshot: pic1

Other than the "Cancel" button, the only action a user can perform here is press the "Authenticate" button.

Screenshot: pic2

Smartphone:

Additional context

taivlam commented 1 month ago

In order to bypass this UX issue, I have to do the following:

  1. Remove all hardware security keys on my Standard Notes account via the web app.
    • (This is so that Standard Notes can only use TOTP as 2FA.)
  2. Sign into my Android device with TOTP.
  3. Add back all my security keys via the web app.

This is a bit cumbersome, as it currently is.