Editing my profile here on this very support site, I see there is a basic way to enable two-factor authentication prebuilt in the website CMS, basically involving proprietary phone apps.
This led me to think, some day with plenty of time (i.e. if you are like me…never, but anyway!) it’d be cool to propose authenticating here with your very own Nitrokey…
That’d be a very efficient exercise, end-to-end, to propose for new users.
“Want to try straight here, right now? Plug in your Nitrokey and let’s get started…”
I do wholeheartedly support that!
Actually, it is working out of the box! As the procedure is indeed quite classy, I decided to go with your proposal and improved the instructions on our website by adding a generic guide based on this forum as an example.
Please let me know what you think about it!
Thank you for your feedback! I tried to adapt some of your tips!
Thanks for the procedure, it works for me.
Just a point: what if I lose my key? Yes, I posted some questions for this case, but in a general situation. Here we have a specific known one.
This forum’s recovery password mechanism works only for a missing main password; in such a case the second factor auth. is required.
But did you implement something for the opposite case: the Nitrokey is lost (and not necessarily the main password)?
Thank you in advance.
We did not implement anything special. The software we are using for the forum is called Discourse. It is not uncommon that there is no recovery option for the OTP login afaik. I haven’t tried the recovery for Discourse yet, to be honest. Generally, the safest would be to save the secret code itself securely. But then you have a copy of the secret code. So make sure that this is stored securely.
OK, so as I can’t reveal the secret code (the one provided by the web app, let’s say) from the Nitrokey App interface (Windows 10), I need to back it up when I activate the service. Afterwards, it’s too late, as I do not have any way to know it.
And if I lose the key, and if I have my secret… what can I do? Using the TOTP functionality of KeePassXC with my secret code to recover my access could be a solution, or do I need to wait to buy/receive my new Nitrokey Pro key?
Everything you said is correct. You need to back up beforehand (as you can’t get the secret code afterwards) and you can use it in any application/device using the TOTP standard.
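Why a backed-up secret works in any TOTP application, shown as an added example that is not part of the original thread or of the Nitrokey or Discourse code: a minimal RFC 6238 generator that turns the same Base32 secret into the same code everywhere. It assumes the common defaults (HMAC-SHA1, 30-second step, 6 digits); the function names and the sample secret (the published RFC 6238 test key) are illustrative.

```python
import base64
import hashlib
import hmac
import struct
import time


def normalize_secret(secret_b32: str) -> bytes:
    """Decode a Base32 secret as typed from a paper backup.

    Tolerates spaces, dashes, lower case and missing '=' padding.
    """
    cleaned = "".join(secret_b32.split()).replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # Base32 needs a multiple of 8 chars
    return base64.b32decode(cleaned)


def totp(secret_b32: str, at=None, step: int = 30, digits: int = 6) -> str:
    """Return the RFC 6238 code for the given Unix time (default: now)."""
    key = normalize_secret(secret_b32)
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


# Constructed sample: the RFC 6238 test key, NOT a real account secret.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    # Any standard TOTP app or token loaded with the same secret and a
    # correct clock shows this same value for the current 30-second window.
    print("current code:", totp(RFC_SECRET))
```

Because the code depends only on the secret and the clock, whoever holds the backup can generate valid codes, which is why it has to be stored as carefully as the token itself.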
Thank you Alex.
I would suggest updating the procedure you created
“You may create a backup of it (in case the Nitrokey gets lost or breaks) by writing it down on a sheet of paper and storing it securely”
by putting the stress on the need to back it up. Now that it’s created, I can’t do it anymore, I’m sad about that :’( (even if the forum interface proposes 10 backup codes. I guess those ones should also be stored securely.) “May” could be replaced by “must”. Just my advice.
I am not sure about it. I think other people would advise not to write it down. Therefore, I don’t want to put a must in it. Or maybe I put in something like “you must create a backup now if you need one”…
Ah, and you can just deactivate 2FA now and reconfigure it to have a backup!