Adventures in two factor authentication: I want to use a security key with . Doesn't work. Why? Because I already have app/TOTP-based 2FA enabled. And I can't disable it because I'm a member of groups that require 2FA. So no way for me to go from app to security keys.
Conversation
You can definitely have both enabled, since I have both enabled right now. I don't think it's possible to enable only security key 2FA on GitHub, they they seem to treat using SMS or TOTP as baseline 2FA and security keys are an addon to that. It's a weird implementation.
1
4
The only service where I've been able to remove TOTP 2FA and use only security keys is Google.
OVH, GitHub, GitLab, Bitbucket, Dropbox and Twitter all require keeping around TOTP after adding a security key and don't allow adding the security key first. AWS is even weirder.
1
3
AWS requires you to log into your Amazon account first (including TOTP 2FA) and Amazon accounts don't support security keys. However, AWS does support security keys separately from the Amazon login so it makes you enter the password, TOTP 2FA code and then use the security key...
Does the AWS 2FA still feel like a cludgy addon? Life was so much sweeter with AWS when we told it to use a 3rd party IdP, I hated AWS login, possibly could have had fewer accounts or tied them together better but it just felt horrid.
1
Only in the sense that I don't really understand why I can't have the security key on my actual Amazon account instead of only AWS. It's weird going to AWS and using the security key right after entering a TOTP code. I want to remove TOTP everywhere.
1
1
2
Show replies