Require password to delete WebAuthn device
What does this MR do and why?
Require a valid password to delete a registered WebAuthn device.
Associated with Allow disabling the TOTP authenticator without... (#393419 - closed)
Changelog: changed
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
| Before | After |
|---|---|
 |
 |
How to set up and validate locally
- Go to
/-/profile/two_factor_auth - Enable a WebAuthn device
- Disable it
Edited by Hannah Sutor