Support WebAuthn/FIDO2 two-factor authentication

moyer · March 15, 2023, 8:24pm

Web Authentication (WebAuthn) is a way of authentication users which provides strong protection against phishing and related attacks. Buildkite’s current TOTP-based 2FA is still vulnerable to phishing attacks, which have become increasingly common in recent years.

I would love to be able to:

Use WebAuthn to authenticate to my Buildkite account.
See which organization users are using WebAuthn-based 2FA instead of TOTP
Require that all non-SSO users in my organization enable WebAuthn-based 2FA (similar to this request).

Thanks!

paula · March 15, 2023, 8:48pm

Thanks Matt!

We’ll make sure our product team checks this out, and they will get back to you.

Best!

jameshill · March 16, 2023, 12:18pm

Hey Matt,

Thanks for reaching out about webauthn 2FA, we’ve been keen on this for a while, it’s not currently on our roadmap but we are actively investigating ways to better facilitate the technology in the future.

In the meantime we’ve seen other customers have some success with webauthn via okta. I don’t know if that’s an option for you? I’m aware it doesn’t solve points 2 and 3, especially if you have both SSO and non-SSO users.

Topic		Replies	Views
Force 2FA for user in an organization Features Requests	2	816	February 7, 2020
2fa requirement for manual trigger of a pipeline Features Requests	3	434	August 24, 2020
Github App instead of OAuth? Features Requests	0	560	February 27, 2019
Getting started - gpg error? General	2	489	June 25, 2022
Feature request - oAuth Features Requests	0	451	November 25, 2018

Support WebAuthn/FIDO2 two-factor authentication

Related topics