When I set up a passkey for an admin user (backend) I can still log in with the account password. Correct? I would expect setting up a safer password mechanism like passkey would disable the use of a less safe account password. But maybe I am wrong about that?
When a user logs in and Joomla detects a passkey is set up, maybe the login needs to be blocked and the user should be asked for the passkey?
To make your account secure I think this would work (and be pretty safe):
I do believe there is an existing feature in the users options ('MultiFactor Authentication after Silent Authentication'), but it is not working at the moment. But it will be in a next Joomla update: #42308
So using a passkey without protecting your regular (probably less safe) password with 2FA is not optimal for protecting your account.
Correct, by my experience using Apple devices, where sometimes my fingerprint isn't recognised or I have to log in per password to be able to use the passkey.