This release adds Multi-Factor Authentication (MFA) capabilities to the Hanko backend and Hanko Elements.
Hanko has been optimized for WebAuthn and passkey authentication from the very beginning. However, the additional implementation of other, potentially weaker authentication methods such as passwords and email passcodes meant that we also had to add MFA (or 2FA). And here it is: TOTP authenticator apps as well as FIDO security key support.
As a bonus feature, we added the option for MFA enrollment during registration and login flows, allowing admins to easily enforce MFA adoption among their user base if required.
TOTP authenticator apps
As the de facto standard for 2FA, the most obvious benefit of Time-based One-Time Passcodes (TOTP) is their universality. Users can choose from a myriad of authentication apps such as Google Authenticator, Microsoft Authenticator and many more to generate the one-time codes – no special hardware required.
Security keys
We just had to support security keys as second factors due to their unmatched security benefits. No other MFA method can protect users as reliably against phishing and most other known account takeover attacks.
What's Changed
- fix: session delete action by @lfleischmann in #1793
- feat: introduce mfa by @bjoern-m in #1645
- chore: autogenerate config JSON schema by @FreddyDevelop in #1959
Full Changelog: backend/v1.1.0...backend/v1.2.0