Differences

This shows you the differences between two versions of the page.

--- manuals:vps:users [2024/01/02 18:09] – Session control aither
+++ manuals:vps:users [2025/02/23 16:40] (current) – hw passkeys first, more sw examples aither
@@ Line 33: / Line 33: @@
 ===== Two-factor authentication (2FA) =====
 Two-factor authentication for vpsAdmin using
-[[wp>Time-based One-time Password algorithm|TOTP]]
+[[wp>Time-based One-time Password algorithm|TOTP]] or [[wp>WebAuthn|passkeys]]
-can be optionally enabled. You then need both the password and TOTP to log in.
+can be optionally enabled. You then need both the password and one of the
+additional authentication devices. It is possible to combine TOTP and passkeys,
+using one of the configured authentication devices is sufficient to log in.
 When enabled, the two-factor authentication is mandatory for access to
@@ Line 42: / Line 44: @@
 will cease to work.
-FA can be enabled in profile settings (vpsAdmin -> Edit profile).
+FA can be enabled in profile settings (vpsAdmin -> Edit profile). Note that 2FA is active
+only when there's at least one authentication device enabled.
 {{:navody:vps:2fa_status.png?200|}}
+==== TOTP ====
 You can setup TOTP e.g. on your mobile phone using applications like
@@ Line 66: / Line 71: @@
 {{:navody:vps:totp_device_list.png?300|}}
+==== Passkeys ====
+You can use hardware security tokens (YubiKey, GoTrust IdemKey, etc.) or software keychains such as KeePassXC, KeePassium, iCloud Keychain, Google Password Manager, Microsoft Windows Hello, 1Password.
+Authentication using passkeys is available only in web browser, it cannot be used
+with [[manuals:vps:api#cli|vpsfreectl]], which requires TOTP.
+First register your passkeys in vpsAdmin -> Edit profile -> Passkeys. Then enable
+FA in vpsAdmin -> Edit profile.
 ===== Session control =====

Knowledge base

User Tools

Site Tools

Differences

Page Tools