(I know very little about this topic.)
Current setup for registration/login is:
- user types in username+password in browser
- browser sends username+password to server
I would like to change the setup to:
- user types in username+password in browser, presses key on security key
- browser sends username+password+security_key_token to server
On the server side, how much extra work is involved for this?
Here, by ‘security key’ I am referring to devices (like Yubico) that plug into the USB-A or USB-C ports.
From googling, there appear to be standards called “FIDO2” and “WebAuthn”, which may be related.
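
Added example, not part of the original post: in WebAuthn the server issues a random challenge and the security key signs it, so the server-side work at login is issuing the challenge and verifying the signed response against the public key saved at registration. The Node.js sketch below shows that verification; the function names, `example.test` origin and RP ID, and the software key standing in for the hardware device are assumptions made for illustration.

```javascript
// Added example: server-side verification of a WebAuthn login assertion.
const crypto = require('node:crypto');

const RP_ID = 'example.test';            // assumption: relying-party ID
const ORIGIN = 'https://example.test';   // assumption: site origin
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Step 1 (server): issue a fresh random challenge and remember it for this session.
function newChallenge() {
  return crypto.randomBytes(32).toString('base64url');
}

// Step 2 (server): check the assertion returned by navigator.credentials.get().
// `stored` is the record saved at registration: { publicKey, signCount }.
function verifyAssertion({ clientDataJSON, authenticatorData, signature }, challenge, stored) {
  const client = JSON.parse(clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return { ok: false, reason: 'wrong type' };
  if (client.challenge !== challenge) return { ok: false, reason: 'challenge mismatch' };
  if (client.origin !== ORIGIN) return { ok: false, reason: 'origin mismatch' };

  if (authenticatorData.length < 37) return { ok: false, reason: 'short authenticator data' };
  const rpIdHash = authenticatorData.subarray(0, 32);
  const flags = authenticatorData[32];
  const signCount = authenticatorData.readUInt32BE(33);
  if (!rpIdHash.equals(sha256(RP_ID))) return { ok: false, reason: 'rpId mismatch' };
  if ((flags & 0x01) === 0) return { ok: false, reason: 'user not present' };

  // The key signs authenticatorData || SHA-256(clientDataJSON).
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  if (!crypto.verify('sha256', signed, stored.publicKey, signature))
    return { ok: false, reason: 'bad signature' };

  // A counter that fails to increase suggests a cloned key (0 on both sides = unsupported).
  if ((signCount !== 0 || stored.signCount !== 0) && signCount <= stored.signCount)
    return { ok: false, reason: 'counter did not increase' };
  return { ok: true, signCount };
}

// Constructed stand-in for browser + security key, so the example runs offline.
function fakeAuthenticator(privateKey, challenge, origin, signCount) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const authenticatorData = Buffer.alloc(37);
  sha256(RP_ID).copy(authenticatorData, 0);
  authenticatorData[32] = 0x01;                    // UP flag: user touched the key
  authenticatorData.writeUInt32BE(signCount, 33);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}
```

Registration needs a matching one-time step that stores the credential's public key and initial counter per user; the password check stays as it is today and runs alongside this.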