Problem: MediaWiki's support for security keys (for example YubiKeys) via WebAuthn for two-factor authentication is, well, not very good. There are two main issues:
Security keys are tied to a single wiki. Combined with the broken cross-wiki auto-login mechanism this makes it annoying to log in.
It is only possible to add a single key to an account. Best practices for using security keys include having several keys with access in case a single key is damaged or lost.
Proposed solution: Fix the bugs mentioned above.
Who would benefit: Users who want to secure their user accounts.
Support I've used MediaWiki's WebAuthn support on and off for quite a while now and both those problems are ultimately huge issues preventing security key support from being the same positive experience I'm used to on other websites. Timawesomeness (talk) 11:25, 11 February 2023 (UTC)[reply]
Strong support I have recently acquired a hardware security key and set it as an authentication device in several of my online accounts, but couldn't do it for my Wikimedia account as that requires me to replace my existing TOTP setup (which I'd rather keep, since I may happen to not have my hardware key with me.) --Waldyrious (talk) 22:28, 11 February 2023 (UTC)[reply]
Support * Pppery * it has begun 03:52, 11 February 2023 (UTC)
Strong support I have recently acquired a hardware security key and set it as an authentication device in several of my online accounts, but couldn't do it for my Wikimedia account as that requires me to replace my existing TOTP setup (which I'd rather keep, since I may happen to not have my hardware key with me.) --Waldyrious (talk) 22:28, 11 February 2023 (UTC)
