Adventures in two factor authentication: I want to use a security key with . Doesn't work. Why? Because I already have app/TOTP-based 2FA enabled. And I can't disable it because I'm a member of groups that require 2FA. So no way for me to go from app to security keys.
Conversation
You can definitely have both enabled, since I have both enabled right now. I don't think it's possible to enable only security key 2FA on GitHub, they they seem to treat using SMS or TOTP as baseline 2FA and security keys are an addon to that. It's a weird implementation.
The only service where I've been able to remove TOTP 2FA and use only security keys is Google.
OVH, GitHub, GitLab, Bitbucket, Dropbox and Twitter all require keeping around TOTP after adding a security key and don't allow adding the security key first. AWS is even weirder.
1
3
AWS requires you to log into your Amazon account first (including TOTP 2FA) and Amazon accounts don't support security keys. However, AWS does support security keys separately from the Amazon login so it makes you enter the password, TOTP 2FA code and then use the security key...
1
2
Show replies