As for convinience of the endusers, are there any plans to include the Webauthn-Standard as future option to log into the Forum ?
It's the official W3C-standard behind Marketing-Words such as "Sign in with Apple", "Windows Hello" or "Passkeys" and are already integrated into MacOS, iOS, Android, Windows, supported by common Browsers (Chrome, FF, Edge, ...). Its also usable under further Environments like Linux in conjunction with e.g. a yubikey.
Advantages would be
- easier handling (enduser only needs to verify against his device, e.g. fingerprint, PIN or FaceID). No need to remember a further Code.
- official W3C-Standard, therefore futureproof (pushed e.g. by Microsoft, Google, Apple, ...)
- No secret Information are stored outside the own enduser-device (technically only publickeys or signatures are transmitted)
https://fidoalliance.org/passkeys/
https://www.yubico.com/authentication-standards/webauthn/
Joe
BTW, to be able to be able to successfully authenticate at the forum, Scriptblocker needs to either disabled, or all of them allowed. As the scripts only appear after (!) entering data and sending data I needed several tries to catch and allow all of them.
@Flens, thank you for your suggestion, and I apologize for a late reply.
In regards to Webauthn-Standard, for now we don't have that option. However, I once it becomes a widely adopted standard (hopefully), I expect everyone to start supporting it and adding it as an extension, or as part of the core product. We will definitely add it as a feature once that happens.
For now, standard authentication is the only option. The good news is, unlike most other websites and forums on the Internet, we actually enforce 2FA on every account. This makes our system more secure and it is able to completely stop all forum spam, at least for now :)