Page MenuHomePhabricator

Work out how WebAuthn should behave when the user has two+ 2FA devices (e.g. phone and key) connected when enrolling/using
Open, Needs TriagePublic

Description

User created an account on wikitech, enrolled in 2FA with WebAuthn, and registered their phone but also had their security key plugged in; they got stuck in a situation where neither phone nor key were recognised.

We should probably handle cases where there's >1 device?