Work out how WebAuthn should behave when the user has two+ 2FA devices (e.g. phone and key) connected when enrolling/using
Open, Needs TriagePublic
Actions

Edit Task
Edit Related Tasks...
Create Subtask
Edit Parent Tasks
Edit Subtasks
Merge Duplicates In
Close As Duplicate
Edit Related Objects...
Edit Commits
Edit Mocks
Edit Revisions
Mute Notifications
Protect as security issue
Award Token
Flag For Later

Assigned To

None

Authored By

	Jdforrester-WMF
	Apr 14 2022, 6:50 PM

Description

User created an account on wikitech, enrolled in 2FA with WebAuthn, and registered their phone but also had their security key plugged in; they got stuck in a situation where neither phone nor key were recognised.

We should probably handle cases where there's >1 device?

Event Timeline

Jdforrester-WMF created this task.Apr 14 2022, 6:50 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 14 2022, 6:50 PM

Stang added a subscriber: Stang.May 10 2022, 6:51 AM

Work out how WebAuthn should behave when the user has two+ 2FA devices (e.g. phone and key) connected when enrolling/usingOpen, Needs TriagePublicActions

Description

Event Timeline

Work out how WebAuthn should behave when the user has two+ 2FA devices (e.g. phone and key) connected when enrolling/using
Open, Needs TriagePublic
Actions