Following initial feedback from @zero-24, currently crossing out the "disable" part of the request, and leaving this here for discussion as well as an open Documentation Required item.

For details that need to be reworked into Documentation see: #28094

I have just added the docs required label here thanks. Yes all details and a baseline for that document can be found here: #28094

Raised this in relation to testing #30897

I noticed to there's a handful of issues needing addressing too on WebAuthN including a Release Blocker at time of writing.
https://github.com/joomla/joomla-cms/issues?q=is%3Aissue+is%3Aopen+webauthn

Documentation started:
https://docs.joomla.org/WebAuthn_Passwordless_Login

Webauthn does not require a USB key. There are other options

On Sat, 3 Oct 2020, 14:48 Phil Taylor, notifications@github.com wrote:

I know last time I asked why I was shot down, but if this plugin is going
to be enabled by default, then the other two factor authentication plugins
should be enabled by default too.

The argument against it last time was that "2fa needs something else set
up on a users phone etc..." well that argument is moot now you have enabled
by default webauthn which requires users to buy a USB key!

The other argument agains 2fa being enabled by default was that the
"secret key field" should be confusing being always shown... well Webauthn
being enabled by default will now show (on https) the webauthn button, so
again that argument is moot now too.

So once again I propose that 2fa should be enabled by default out of the
box the same way webauthn is.

It can always be turned off - like webauthn - if a site admin doesn't want
that feature

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#30905 (comment),
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AAJ4P4I7FVR45PQ4TZL2GRDSI4TS3ANCNFSM4SCR444A
.

lol

There doesnt appear to be any reason for this Issue to remain open?

Closing - continued in #36060