Jump to content

JoelAtMicron21

Members
 View Profile  See their activity

  • Posts

    1

  • Joined

  • Last visited

JoelAtMicron21's Achievements

Newbie

Newbie (1/14)

  • Conversation Starter

Recent Badges

0

Reputation

  1. JoelAtMicron21 started following U2F Support - Modern Smart Card
  2. JoelAtMicron21
    Hello PasswordState Team, Long time user, first time poster. We've used ClickStudios Passwordstate since like 2015 or maybe even earlier. It's great, we love it, and live by it. We want to make our lives easier, and also more secure by employing MFA, and we have a preference to use Hardware tokens. The industry standard at the moment is U2F. This was previously requested but since archived/closed. We would like to +1 this request (plus all the exisitng posts requesting it on this original thread - Re-Requesting as it was closed/archived: As Martin W quite elegantly put it: "U2F is slightly better than Yubico OTP see https://www.yubico.com/authentication-standards/fido-u2f/" The benefits of U2F are that a user can self-enroll, and reduces the administration/overhead of an organisation managing hardware tokens. It has all the benefits of hardware tokens, without the hassle of Yubikey's software enrollment, and without the limitations of using up a "yubikey's slot". In this way, it behaves more like an authenticator app, than a specific and singular public key. Most yubikeys only have one or two slots for OTP, but can be used as a U2F device without limit. Ultimately, we want to enable hardware-token MFA for our password vault * at a minimum, at login, but if possible: * ideally, when requesting access to view "more secure" password lists. This means that for some users, they can authenticate with just a username and password, and for more secure lists we can add other authentication requirements, not too disimilar to the PIN method password state already supports. Consider the user story: # As a user, I want a simple authentication process, but a secure hardware token for the most secure lists I go to https://passwordstate.mycompany.com and log in with my credential. I can view the lists I need unprivileged access to. My passwordstate administrators have set up more secure lists that require further authentication - for example, they require a PIN. This is troublesome as I need to request to pin, wait for the email, and enter the PIN. If my session times out and I come back to this screen, the system will email me another PIN. It would be easier if I could tap my hardware key. Please let me know if you need any more information.
×
×
  • Create New...