We already have 2FA available through Authenticator, it is just not required to create an account, I 2FA because I have toJust wanted to add to this, there are two approaches to getting webauthn support on to dash forums:
- Use this Xenforo addon https://xenforo.com/community/resources/digitalpoint-security-passkeys.8738/
- Migrate to discourse.org which has webauthn already built-in.
Offering multiple 2FA options is always preferable. Many well-known sites already use this eg. twitter, google, cloudflare, protonmail even yahoo. The general direction of the industry is moving towards better FIDO support.
Many of us have hardware wallets(or at least should) and they more than likely support some kind of U2F. I know for certain Trezor, KeepKey and Ledger does. It all but eliminates phishing attacks and if all that's needed to support this is adding a forum plugin, well why not? It's an increase in security without too much effort.
It doesn't have to be a hardware wallet, it's just an example. Any FIDO compliant security key will work.Why would you need to login to the Forum from a hardware wallet? This is a discussion website, not a wallet or exchange.
The question remains. I mean, up to you of course, but why? Do you not mind there would be mathematical proof that the things you say across all the forums were published by the same person?It doesn't have to be a hardware wallet, it's just an example. Any FIDO compliant security key will work.
That's what U2F does, the device is signing messages as proof that it is you. Same public key principles as gpg and dash addresses. TOTP on the other hand uses a shared secret which affords you some plausible deniability.Not sure if that question's directed at me. In terms of mathematical proof of identity are you referring to something like signing a message or post with GPG? or better yet a Dash address?