Bug #22201

open

Using a passkey shouldn't also require a password

Added by Raffi Khatchadourian about 2 months ago. Updated about 1 month ago.

Status: New
Priority name: Normal
Assignee:
Category name: Authentication
Target version: -
Start date: 2025-03-03
Due date:
% Done: 0%
Estimated time:
Deployment actions:

Description

I noticed that GitHub doesn't require a password if I have set up a passkey; it just uses the passkey. However, I also have a passkey set up on CAC, but it asks me for the passkey only after I enter my password. Should not the passkey suffice?

Actions #1

Updated by Raymond Hoh about 2 months ago

Hi Raffi,

The plugin we rely on for WebAuthn passkeys is tied to the core 2FA plugin. So at a glance, it looks like the WebAuthn plugin only supplements the core 2FA plugin by adding WebAuthn as a provider and does not do any core changes like bypassing the initial username/password authentication.

I also checked the WebAuthn wp.org support forum and their GitHub issues list and no one has raised this issue before. That being said, I'll ask the WebAuthn author on their GitHub issues page to see if this could be addressed in their WebAuthn plugin.

Actions #2

Updated by Raffi Khatchadourian about 2 months ago

Thanks, Ray. I feel that this should be a new plugin that would replace the existing 2FA one. A quick search revealed the following:

- https://wordpress.org/plugins/ownid-passwordless-login/
- https://github.com/ivankristianto/wp-passkey
- https://wordpress.com/plugins/wp-webauthn

Actions #3

Updated by Raffi Khatchadourian about 1 month ago

By "replace," I mean that I personally would replace the 2FA plug-in with just the passkey. But if there are other users who want to keep using the password/2FA combination, then they can continue to use the 2FA plug-in.
