Add a report on hardware key 2FA (FIDO2/U2F/WebAuthn) not used in the tools

What will this feature does differently?

We now have the “Inactive 2FA Report”, but it only informs us about the unfilled TOTP codes in the safe. This feature proposal would bring information about the hardware 2FA not used.

Note that I use “hardware 2FA” to refer to standards such as FIDO2/U2F/WebAuthn.

What benefits will this feature bring?

This would allow all Premium users with a YubiKey to know exactly which additional accounts they might want to protect with their key.

How to set this up?

This feature requires between 2 and 3 different implementations :

  • Add support for detecting sites that support hardware 2FA, which is easy with sites like 2fa.directory.

  • Add a button in the entries of type “Login” to be checked in case we have the hardware 2FA activated for this site/these sites.

  • Eventually, propose a button in the settings to indicate that you do not have YubiKey, which will not propose this type of 2FA in the report .