Is your feature request related to a problem? Please describe.
Currently some admin functions require 2FA authentication. The only options available are Email and TOTP Authenticator Apps.
Some people use Security Keys and U2F (Universal Two Factor) for added ease of use and security, but this is currently not supported.
Describe the solution you'd like
- Support U2F as a valid 2FA mechanism
- It should also be possible to configure multiple 2FA mechanisms (be it security keys, TOTP Authenticator devices, ...)
- This allows for a backup to be configured in case one device (mobile phone, security key, ...) is lost
- When activating 2FA a set of backup codes should be printed
Describe alternatives you've considered
There is currently only the possibility of adding ONE TOTP authenticator OR email for 2FA - this hardly is an alternative ;)
Additional context
U2F is defined as part of the FIDO standards. More information can be found here: https://fidoalliance.org/specs/u2f-specs-master/fido-u2f-overview.html