WebAuthentication Support enabling use of Hardware 2FA devices which implement FIDO2 protocol

[stuartm]

I'm not sure what the project policy is on raising feature requests as issues, I can move this to an issue ticket if it's allowed.

So this is related to a feature request that was discussed in this thread, support for unlocking Buttercup archives using a hardware device supporting the FIDO2 protocol e.g. Yubikey, Google Security Key, Token2 et al
#69

Back then it was stated that this would need to be supported in Chrome/Electron. It's possible this wasn't the case in 2017, but today this is a very mature W3C standard implemented in all browsers including Chrome. It's also a very easy API to implement.

https://en.wikipedia.org/wiki/WebAuthn
https://www.w3.org/TR/webauthn-2/
https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API

The idea would be to allow the registration and use of connected (or NFC) hardware keys (plural) as an alternative to password (with password as backup) really just for convenience sake. A key for example can be scanned instantly as opposed to repeatedly re-typing passwords every single time you go back to Buttercup - which might be a couple of dozen times a day for a power user like me.

[perry-mitchell]

Yes, I think this is on the cards.

I'm no FIDO expert but there are methods of hardware key authentication we can use and some we cannot. Of course being that Buttercup is offline we cannot use techniques that authenticate via a remote source (default Yubikey functionality requires this). We can of course use it to output a stored password or encrypt/decrypt using a stored private key.

So yes there is some feature set here but I'm not sure what it looks like. Hardware token authentication via the browser extension (webauthn) is most definitely coming.