Add Proper Support for Multiple U2F Keys AND TOTP One-time Passcodes at the same time
Pleas Add Proper Support for U2F Keys AND TOTP One-time Passcodes!!!
We should be able to have BOTH TOTP (Authy or other) AND U2F Keys!
We should be able to have MULTIPLE (5) U2F KEYS!
I just added an Authy key but then I was no longer given the ability to set my U2F Keys.
Both TOTP and U2F are very secure, but we need to be able to have more entry-point in them to have proper backup. We shouldn't need to be locked out just because we lost one of our Yubikeys. We should be able to register up to 5 Yubikeys like most other sites do, so that if I lose one I can use the other to get into my account and add a replacement.
It is ridiculous to only support one entrypoint at a time - that gives us NO BACKUP way to get into the account besides account recovery, and account recovery is a big loophole that needs to be limited as much as possible.
The correct way to support secure methods like TOTP and Yubikey is to support them BOTH and to support multiple Yubikeys at the same time. No malicious hacker would have my TOTP code or my Yubikey so it is just as secure to give me the ability to have multiple Yubikeys and a backup TOTP.
It is true that TOTP is more subject to automated phishing but if I use my Yubikeys as primary and TOTP as only a very rare occurrence then my risk of phishing from TOTP is extremely low.
Thanks,
David