jessikitty/drop
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Add MFA notes

Browse Source
This commit is contained in:
DecDuck
2026-03-10 18:24:04 +10:00
parent 150ff87856
commit 0a14fb412d
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/src/content/docs/admin/authentication/mfa.md
+16
View File
@@ -0,0 +1,16 @@
---
title: Multi-factor
description: Notes about the various MFA/2FA method available in Drop.
---
## WebAuthn (a.k.a Passkeys)
Passkeys are a passwordless authentication standard backed by both HSMs and software like password managers.
Drop supports them both as a MFA method, and a single-step signin.
Passkeys are expected to work out-of-the-box on all installs, but you may have issues if you don't run Drop over HTTPS.
Additionally, if you're having issues related to the domain/relying party (RP) reported to WebAuthn, you can set the `WEBAUTHN_DOMAIN` to override that. WebAuthn requires all relying parties to either be a domain (example.com) or a subdomain (example.com)
## TOTP or code-based
TOTP is expected to work out of the box.