Ran a couple of early tests and things seem to work very well!
Backup keys are not a problem at all. Still need to see what happens when I use them all up.
Speaking of which, what is the recommended procedure for assisting a user that locks him/herself out completely?
OTP equally works really well.
I don't have a U2F key but when browsing with Chrome the procedure starts as expected.
One seemingly odd thing is that when you stay on the browser tab while the U2F request times out, you get a nice message on the page itself; when you go to a different tab (and the timeout happens in the background), you get a scary popup:
Code:
It seems something went wrong...
Registration failed with error: 5,NotAllowedError: The operation either timed out or was not allowed. See: https://w3c.github.io/webauthn/#sec-assertion-privacy.
I have a feature request. Most 2FA interactions that I know of offer the option of not asking for a 2FA key for a period of time (a week or a month). Given how many times people tend to log out (or be logged out) on a forum, could this be added to the extension?
Other minor things I've seen are cosmetic. I'm running a custom style and some of the interactions look a little weird. I should check against prosilver (just jotting this here for myself, really