In 2023, Kirby should support modern, secure authentication out of the box: that is, TOTP which can be set up via QR codes (way more secure than e-mail OTP), FIDO and Passkeys.

I think @distantnative just teased this in Discord for Kirby 4 yesterday: https://discord.com/channels/525634039965679616/1111220342522904706/1153758543367897109
🎉
Yeah yeah, that would be really awesome!

I hope this feature request gets more attention. Native Passkey authentication would be super cool!

If someone is aware of simple (as in “very lean, not bloated, focused”) libraries to implement passkey support, please post them.

Bringing some new life to this, as the tech has advanced and it's become easier to use. Support for Passkeys, which automatically includes support for hardware keys, would be greatly appreciated. Here is a collection of libraries: https://simplewebauthn.dev

The current bottleneck is our auth configuration model. 2FA methods can only be enabled globally and automatically become required once enabled. For a useful and sensible UX, we need to allow optional 2FA. This project is still on our list.

Any updates on this? I find it a critical issue not to have secure sign-in options.

We are currently working on the foundations in the core and have active plans to support this. However, we cannot promise an implementation or ETA :)


I think it would also be a bit of a stretch to label the current option of 2FA between password and TOTP as insecure. But I am also looking forward myself to offering more options here.