Hello, I would like to ask something about W3C Web Authentication (WebAuthn). When I enable it on my Joomla site and scan the QR code with my phone, I am able to log in without my password, but the password option still works, too. So do I have to take some additional steps to disable the password login in order to get rid of password login security flaws?
Also, in case my phone gets lost or stolen, will I be able to log in to my Joomla site? In other words, is there some rescue method with WebAuthn, like “safety codes” in classic two-factor authentication?
And last, I did not need to provide any fingerprint or whatever when logging in with WebAuthn; all I needed was my phone and the QR code scan. Is that alright? And what if I want to log in to my site directly from my phone?
Thank you very much for your answers.
Statistics: Posted by warpw — Fri Jul 05, 2024 1:52 pm