Open Bug 1820725 Opened 1 year ago Updated 2 months ago

Create an about-page to manage security tokens

Categories

(Core :: DOM: Web Authentication, enhancement)

Product:
Core
Component:
DOM: Web Authentication
Type:
enhancement

Tracking

()

People

(Reporter: msirringhaus, Assigned: msirringhaus)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

Attachments

(2 obsolete files)

Having a dedicated about-page for managing security tokens has multiple advantages:

  • Most management-software is vendor-specific (e.g.: yubikey-manager will only manage yubikeys, and no other token, even though the protocoll is vendor-independent).
  • Gives, IMHO, a better UX for situations like this: The server mandates that the token should have a PIN set, but none is set yet. Chromium is solving this by prompting the user to set a PIN during the registration-process. Instead of doing per-token actions during a per-login dialog, we could point the user to the about-page instead. Hence, making it clear that this will affect the whole token, and not just this one webpage-account.
  • Gives us the ability to debug problems with specific tokens easier, by showing the token config in easily accessible plain text for users to copy.
  • For future CTAP2.1-work: Gives us a place to expose even more management-functions like looking up and deleting credentials (resident keys), managing biometric data, etc.
Depends on: 1830944
Duplicate of this bug: 1817491
See Also: → 1819346
Blocks: 1841398
Attachment #9321581 - Attachment is obsolete: true
Depends on: 1854618
Depends on: 1854620
Depends on: 1854908
Depends on: 1854918
Depends on: 1855179

Hello, are there any updates on the following?

https://bugzilla.mozilla.org/show_bug.cgi?id=1820725
https://phabricator.services.mozilla.com/D173038

I like the current webauthn functionality which is available. Here's some feedback:

  • Device Info - a little too much for non technical users
  • PIN management - current PIN should be the first form option IMO
  • Manage credentials - works great.

I'm curious why there is no FIDO2/reset your security key in about:webauthn as Chrome as it as the last option. That is a highly requested feature and it would be great if it was available soon.

Attachment #9323988 - Attachment is obsolete: true

Thanks for the feedback!

Hello, are there any updates on the following?

https://bugzilla.mozilla.org/show_bug.cgi?id=1820725
https://phabricator.services.mozilla.com/D173038

I actually should abandon that submission. It was split up into multiple submissions, with the exception of one, all of have landed.

I like the current webauthn functionality which is available. Here's some feedback:

  • Device Info - a little too much for non technical users

I'm aware. The reason we show everything anyways is that it is a good debugging-tool, if something goes wrong. We can ask users for the output of "Device Info" and have a better overview.

  • PIN management - current PIN should be the first form option IMO

We probably have to involve the UI-team again for this one.

  • Manage credentials - works great.

I'm curious why there is no FIDO2/reset your security key in about:webauthn as Chrome as it as the last option. That is a highly requested feature and it would be great if it was available soon.

This is planned, but currently blocked by https://github.com/mozilla/authenticator-rs/issues/312

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: