superseriousbusiness / gotosocial

Fast, fun, small ActivityPub server.
https://docs.gotosocial.org
GNU Affero General Public License v3.0

[feature] Security: protect accounts with 2FA (or MFA) #395

Open igalic opened 2 years ago

igalic commented 2 years ago

Currently, authentication is entirely password based. In an ideal world, GtS would support 2FA (or MFA), that is: two-factor authentication, or multi-factor authentication.

Personally, I use* Yubikeys, which implement a number of standards: https://www.yubico.com/authentication-standards/

Yubikeys also support TOTP, through Yubico Authenticator (which I trust slightly more than solely relying on Google Authenticator on a Google phone).

*I also wear them as fashion accessories.

tsmethurst commented 2 years ago

I'm gonna put this under Future Tech because it would be cool to have, but it's probably not something we'll implement straight away.

cortices commented 2 years ago

May be useful to check out the PR on Gitea's codebase that implemented the WebAuthn framework, the modern browser U2F/FIDO stack, for how it's implemented. https://github.com/go-gitea/gitea/pull/17957