From 0a14fb412d642804b4dbdd6ed2a2113957216aa6 Mon Sep 17 00:00:00 2001 From: DecDuck Date: Tue, 10 Mar 2026 18:24:04 +1000 Subject: [PATCH] Add MFA notes --- .../src/content/docs/admin/authentication/mfa.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 docs/src/content/docs/admin/authentication/mfa.md diff --git a/docs/src/content/docs/admin/authentication/mfa.md b/docs/src/content/docs/admin/authentication/mfa.md new file mode 100644 index 00000000..ba2d7dab --- /dev/null +++ b/docs/src/content/docs/admin/authentication/mfa.md @@ -0,0 +1,16 @@ +--- +title: Multi-factor +description: Notes about the various MFA/2FA method available in Drop. +--- + +## WebAuthn (a.k.a Passkeys) +Passkeys are a passwordless authentication standard backed by both HSMs and software like password managers. + +Drop supports them both as a MFA method, and a single-step signin. + +Passkeys are expected to work out-of-the-box on all installs, but you may have issues if you don't run Drop over HTTPS. + +Additionally, if you're having issues related to the domain/relying party (RP) reported to WebAuthn, you can set the `WEBAUTHN_DOMAIN` to override that. WebAuthn requires all relying parties to either be a domain (example.com) or a subdomain (example.com) + +## TOTP or code-based +TOTP is expected to work out of the box. \ No newline at end of file
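Review bot: In the `WEBAUTHN_DOMAIN` paragraph of the new mfa.md, the closing sentence gives the same value for both cases, "a domain (example.com) or a subdomain (example.com)", so a reader cannot tell what a valid subdomain value looks like; the second example should be an actual subdomain, and the sentence is missing its final period. The same paragraph says "set the `WEBAUTHN_DOMAIN`" without naming what kind of setting it is or whether the value must be a bare host name. Because WebAuthn credentials are bound to the relying party ID, it is also worth stating what happens to already-registered passkeys when this value is changed. The HTTPS line ("you may have issues if you don't run Drop over HTTPS") is softer than the underlying rule: browsers expose WebAuthn only in secure contexts, so the page should say passkeys require HTTPS (localhost excepted) rather than hint at possible issues. Minor: in the front matter "method available" should be "methods available", "a MFA method" should be "an MFA method", and the file has no trailing newline.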