[meta] Allow 2FA Login Using a U2F Device
- Use a U2F device as an alternative to authenticator apps.
- Best example of a U2F device is Yubico's FIDO U2F Security Key
- https://www.yubico.com/
- https://www.yubico.com/products/yubikey-hardware/
Suggested in gitlab-ce#2979 (comment 4868554) /cc @JobV @matt.wilkinson
Features
This serves as an umbrella issue for all U2F features:
- Register U2F device and authenticate with it (gitlab-ce!3905)
- Require authenticator to be set up before enabling U2F (gitlab-ce#17333)
- Support for Firefox via extension (gitlab-ce#17341)
- Add an identifier for each U2F device (gitlab-ce#17334)
- More granular control over disabling U2F devices (gitlab-ce#17335)
- Honor the "Remember Me" parameter (gitlab-ce#18103)
- Polish up the U2F flow (gitlab-ce#18556)
- Register an U2F device should trigger an email and an audit log event (gitlab-ce#18557)
- Support for more browsers (gitlab-ce#22938 and gitlab-org/gitlab-ee#778)
TODO After Core Implementation
- Test with other vendors' U2F devices
- Order non-yubico U2F devices
- Test with non-yubico devices
- I've tested our U2F implementation with these three devices, with no issues:
  - Yubico FIDO U2F: https://www.amazon.com/dp/B00NLKA0D8
  - Plug-Up Security Key: https://www.amazon.com/dp/B00OGPO3ZS/
  - HyperFIDO Security Key: https://www.amazon.com/dp/B00WIX4JMC
- Audit ruby-u2f gem and u2f javascript API