Support WebAuthn/FIDO2 two-factor authentication

Web Authentication (WebAuthn) is a way of authenticating users which provides strong protection against phishing and related attacks. Buildkite’s current TOTP-based 2FA is still vulnerable to phishing attacks, which have become increasingly common in recent years.

I would love to be able to:

  1. Use WebAuthn to authenticate to my Buildkite account.
  2. See which organization users are using WebAuthn-based 2FA instead of TOTP.
  3. Require that all non-SSO users in my organization enable WebAuthn-based 2FA (similar to this request).

Thanks!

Thanks Matt!

We’ll make sure our product team checks this out, and they will get back to you.

Best!

Hey Matt,

Thanks for reaching out about WebAuthn 2FA. We’ve been keen on this for a while. It’s not currently on our roadmap, but we are actively investigating ways to better facilitate the technology in the future.

In the meantime, we’ve seen other customers have some success with WebAuthn via Okta. I don’t know if that’s an option for you? I’m aware it doesn’t solve points 2 and 3, especially if you have both SSO and non-SSO users.