techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity
05df642f3e
authelia/docs/features/2fa/security-key.md
Amir Zarrinkafsh 683c4a70bf
fix(web): improve 2fa enrollment process (#1706) 
* refactor(web): improve 2fa enrollment process

This PR will change some of the wording and colours for the 2FA processes in order to provide more clarity and address some accessibility issues for end users.

The following is a summary of the changes:

* One-Time Password ⭢ Time-based One-Time Password
* Security Key ⭢ Security Key - U2F

![Screenshot_2021-02-02-09-36-17](https://user-images.githubusercontent.com/3339418/107138185-17656100-6967-11eb-8fac-9e75c7a82d09.png)


* QRCode ⭢ QR Code

![Screenshot_2021-02-07-05-07-25](https://user-images.githubusercontent.com/3339418/107138196-29df9a80-6967-11eb-811f-d77c9bb0159e.png)

* `Not registered yet?` text to display `Lost device?` if a user has already registered a device of said type

![Screenshot_2021-02-02-10-24-54](https://user-images.githubusercontent.com/3339418/107138205-395ee380-6967-11eb-8826-83e1438dd146.png)

* Change button and text colour in e-mails that Authelia generates
* Change Authelia email footer to be more security conscious

![Screenshot_2021-02-07-04-51-40](https://user-images.githubusercontent.com/3339418/107138211-4085f180-6967-11eb-890b-9d931bd1ce76.png)

The docs have also been updated to clarify the 2fa device enrollment limitation which only allows users to register one of each device type concurrently.

Closes #1560.
2021-02-12 16:59:42 +11:00

64 lines
2.0 KiB
Markdown
Raw Blame History

---
layout: default
title: Security Keys
nav_order: 2
parent: Second Factor
grand_parent: Features
---
# Security Keys
**Authelia** supports hardware-based second factors leveraging security keys like
[Yubikeys](Yubikey).
Security keys are among the most secure second factor. This method is already
supported by many major applications and platforms like Google, Facebook, Github,
some banks, and much more...
<p align="center">
<img src="../../images/yubikey.jpg" width="150">
</p>
Normally, the protocol requires your security key to be enrolled on each site before
being able to authenticate with it. Since Authelia provides Single Sign-On, your users
will need to enroll their device only once to get access to all your applications.
<p align="center">
<img src="../../images/REGISTER-U2F.png" width="400">
</p>
After having successfully passed the first factor, select *Security Key* method and
click on *Not registered yet?* link. This will send you an email to verify your identity.
*NOTE: This e-mail has likely been sent to the mailbox at https://mail.example.com:8080/ if you're testing Authelia.*
Confirm your identity by clicking on **Register** and you'll be asked to
touch the token of your security key to complete the enrollment.
Upon successful enrollment, you can authenticate using your security key
by simply touching the token again when requested:
<p align="center">
<img src="../../images/2FA-U2F.png" width="400">
</p>
Easy, right?!
## Limitations
Users currently can only enroll a single U2F device in **Authelia**.
Multiple single type device enrollment will be available when [this issue](https://github.com/authelia/authelia/issues/275) has been resolved.
## FAQ
### Why don't I have access to the *Security Key* option?
U2F protocol is a new protocol that is only supported by recent browsers
and might even be enabled on some of them. Please be sure your browser
supports U2F and that the feature is enabled to make the option
available in **Authelia**.
[Yubikey]: https://www.yubico.com/products/yubikey-hardware/yubikey4/
Reference in New Issue View Git Blame Copy Permalink