Okta Classic Engine | Multi-Factor Authentication | Answered | 2024-09-01T09:04:22.000Z | 2018-10-25T09:55:40.000Z | 2019-09-04T16:18:26.000Z

q4qam (q4qam) asked a question.

Why isn't there a possibility to register at least 2 U2F devices?

I wasn't able to register my backup Security key in the UI. I've only had an option to reset the key.

 

Most services like Dropbox, Google or GitHub allow you to register a nearly unlimited number of devices. Google's Advanced Protection Program (https://landing.google.com/advancedprotection/) is actually forcing you to use at least 2 devices, as you need to have a secure backup.

I believe that this is a violation of the standard, and I'm aware of only one service which failed to follow this simple rule: AWS. However, they basically gave an example of how not to implement U2F. Some additional details are, e.g., in this discussion: https://news.ycombinator.com/item?id=18071323

Is there any plan on fixing this and allowing more than 1 U2F device?


AdamK.56175, 4whqt, and 2 others like this.
  • mike.davie1.5312945692819849E12 (Customer First Programs)

    Hello Ján,

    Unfortunately, just one hardware key can be added per user; there is no other way to add multiple keys to a user.

  • q4qam (q4qam)

    Hey Mike,

    I'm sorry, but this doesn't really answer my question - "Why isn't there a possibility to register at least 2 U2F devices?"

    This makes the whole U2F enforcement nearly impossible, as you aren't able to register a backup, and U2F enforcement was actually one of the main reasons we chose Okta.

    Could you please forward this question to engineering and ask about the timeframe in which they plan to fix this implementation error?

    Thanks a lot!
    Jan
  • vlad.huma1.5163136961455237E12 (Vendor Management)

    Hello Ján,

     

    Below I have attached the public-facing Roadmap for future products. I've done some internal research regarding multiple hardware devices, specifically for U2F, and for now, Engineering has performed initial tests on the functionality. If what you desire is not showing even on the Planned tab, that's something that will take at least 6+ months to even reach EA stage.

     

    Link: https://support.okta.com/help/s/productroadmap

     

    Best regards,

    Vlad Huma

    Technical Support Engineer

     

  • q4qam (q4qam)

    I don't see it anywhere in the roadmap, but this really doesn't seem like a big change to me (also prompting for U2F as default). Both are more bugs / implementation errors than features.
    Wouldn't it be possible to prioritize it more from your side?

    Thanks a lot!
  • 4whqt (4whqt)

    Hi,

     

    This is an unfortunate U2F implementation. We need a way to attach at least one backup U2F device to an account. The main U2F device can simply be broken, lost or stolen. It happens, it's just a piece of hardware. A backup U2F device stored in a safe place is a must for any serious U2F usage. You should consider this a security issue. 6+ months for fixing this sounds crazy.

     

    Thank you!

  • q4qam (q4qam)

    Hey Vlad,

     

    Is there anything which we can do to help with prioritization of this?

     

    Please note that this isn't a feature request, but more of a bugfix request, as based on the U2F standard, you should allow registration of N devices.
  • q5nrb (q5nrb)

    We too sign up to this request, to at least cater for two U2F devices onto one account.

  • vdsjx (vdsjx)

    Pretty please, with sugar on top, implement N number of U2F devices, where N>=1.

     

     

     

  • AdamK.56175 (Customer)

    Wanted to upvote you Jan Masarik, but they've disabled commenting or voting on your feature request.

    I was pretty surprised myself to see only 1 security key supported. The only other implementation like this I've seen is Twitter, which is failing hard on security on other fronts as well.

     

    N keys should be supported! Especially when you have a combination of USB-A and USB-C devices...

This question is closed.