Add support for U2F / WebAuthn [edited] (1 Merged Vote)

timmyc123
timmyc123 Member ✭✭✭
edited January 3 in Feature Requests

I guess this is more a request for the Quicken people as we use a Quicken account for logging into Simplifi.

Please add support for WebAuthn for both passwordless login and second factor. It is completely unacceptable to only offer legacy, non-attested, non-scoped MFA for a finance platform in 2020. It is incredibly easy to implement WebAuthn at this point.

Happy to discuss WebAuthn with the product team privately if needed.

Tagged:
5 votes

Active · Last Updated

Comments

  • markb
    markb Member
    This is related to the larger multi-factor authentication discussion, but is not a duplicate and shouldn't be merged.  The first and most critical issue (in my view) is supporting TOTP as that will be available to everyone and benefits all of your users.

    This is a separate request, which is to also support hardware security keys via U2F for MFA. Note that in order to avoid the same problem you have now with not being able to share an account this implementation will need to support multiple security keys.  (It should anyway, for users like me that have one key they use at home, and another one with NFC support for authentication with mobile apps).