WCF icon indicating copy to clipboard operation
WCF copied to clipboard
verified publisher icon WoltLab

[FR:] FIDO2/WebAuthN to WSC

Open DiamantTh opened this issue 4 months ago • 2 comments

Good Morning,

At the moment, WoltLab Suite Core supports TOTP as a 2FA option.
For stronger security and modern compliance, it would be very helpful to also support WebAuthn / FIDO2.

This would allow:

  • Hardware keys (e.g. YubiKey, Nitrokey, SoloKey).
  • Platform authenticators like Windows Hello, Touch ID, Face ID, and Passkeys.

WebAuthn/FIDO2 is a W3C standard (since 2019) and supported by all major browsers.

Reference: https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API

Greetings from Upper Franconia

DiamantTh

DiamantTh avatar Aug 25 '25 22:08 DiamantTh

WebAuthn is already supported. This is a paid plugin.

cadeyrn avatar Aug 26 '25 08:08 cadeyrn

especially considering the significantly increased costs for the software compared to earlier versions like the 4.x branch and how much this can help against phishing and general web security, it might be nice if it might someday just be included, rather than being something admins can just nope out of because they dont wanna pay and users cannot get the additional security benefits of webauthn.

especially on the subscription model 40€ extra per month for a website that would otherwise be fine on the cheaper plan is not exactly viable.

My1 avatar Aug 26 '25 18:08 My1