From 966404aa5cbc301722336d62da156250972b889b Mon Sep 17 00:00:00 2001 From: Alex Date: Tue, 28 Nov 2023 20:57:37 +0000 Subject: [PATCH] Using Security keys on Codeberg (#367) This PR adds docs on WebAuthn usage on Codeberg. It attempts to cover: - using WebAuthn as a 2FA option on web logins - using FIDO2 over SSH using the OpenSSH client Reviewed-on: https://codeberg.org/Codeberg/Documentation/pulls/367 Co-authored-by: Alex Co-committed-by: Alex --- assets/images/security/2fa/webauthn-nick.png | Bin 0 -> 25823 bytes assets/images/security/2fa/webauthn-nick.webp | Bin 0 -> 11486 bytes content/security/2fa.md | 58 +++++++++++++++--- content/security/ssh-key.md | 18 ++++++ 4 files changed, 69 insertions(+), 7 deletions(-) create mode 100644 assets/images/security/2fa/webauthn-nick.png create mode 100644 assets/images/security/2fa/webauthn-nick.webp diff --git a/assets/images/security/2fa/webauthn-nick.png b/assets/images/security/2fa/webauthn-nick.png new file mode 100644 index 0000000000000000000000000000000000000000..cee367c02322373d0d1a77b0d9e1c0d878a50613 GIT binary patch literal 25823 zcmcG$2{e~`*fwhKb|sRb43!~NB(spYBno9nAybAZW5|@LA{j!;EF@8=%=1*n3>nIl zdB{xWdHSw@`+eWZTz3-`AzqI-Pd*9kB{nQQx_{rN9YB~I8m#y?=HDY4ot^uWfBBEnNmu1eYIlh|eaT2GV+##AB zePyWE6)b)BXPBByjxtM@w|wZ0>6FkYnjY<&J;7N?&exI-sWcmysdx(Q)67gcP+MZ# zu(=%`>0DysXK6XS;#9h6-S8^HL~@~CpwXq?$@oCh$B$%x;l@NnO@Ytd@BjIZh{(m{ z`4Hi$h#qe5vC;nX!=}D-0i=JvTR-~M`p-wsx$hF;{_~?Tt7Fx>|9rPa_ABqtH?K<{ z(bN97|b7W}9BWeLJDBa3f8>ytmXnHYP^$*5`+kzR!M6w5Is9&&|#4WMmZ;6$zTP(H%WH z(^D8G!?IQP{m=7%ZcL^9r~0oyHi6BS(%fFfgo&4-XIH z+tG&T@;=i$ce)E5X1eojWo2crUcE{j_k@(TA)Id)^C1d~d#khhqS2q?2w#*355}jY z6yE)DlI5#OV+P*bZUwZwdwtnfMb?b|m$ zTAt9LApMx%V`CcH+MBZj8|| zv~+Ze?~kh;|44so3I zP*t(pmM9BL*^eI!7)V4!1S2D3T^P^Ibqzs5!S+-=Cei!sb@%bv%a<>EK97t%B3aqm zD#*z>HS#SA!?U!qQo3|0EhD3BL5Bt-RtV$%_~FCi!oopHO6Ejc(%#C-+gN9--lFD~ z7DXkc)c5aamzQOUTie^okDR%5<%&iB=SNjlRmGkE9v(b-kAw-P#oF4sx3?F&+|tq# zlU7-M^w;okNO178wZSU?quBG=+1XE?JRxS5kSOl;x@~M+71M9?_U&7vTem0to#9zo(~rdV8-bj?xqr7Z-Y}C`I9|uZB_giH8k=@ne+4WKWgRvUYcxgZf^GV^&P4X z96cN5>nnfjRzGgqma123)hEfs#N;BH+kfg%?FY?F%kI4NyFU^;Iy&(00d;qbnQZ_5 zPkN<{M~*yL7`ej3!((DH8YA}~fv7WAimAP<>~Ch7_+|>}`BxeqLTyR@UmqhOnR@pB^JNpkCg+0sI;@ze@1^FYy?|wh-*_3g+E|f>F#QbN*Zc-X=U*8*QYG;Im zKIs;Be*Nk#pAd7_`b}Y>macBehY!!>6K>wTIWabN%=7QR|EA&5)z;K>n(9c8dCJVj zR(*??aEthORyH;^9v-DQ_Rl!_rJDTc9mbmC4v`EGR{D{V zkx@}mA;2KuR9cA%@binhuHRQyZkj3GX}HBJ`;6|<4(H(~();j5Oq};%$y7%t`q{H* zVPUk=U(3o2raQAS#e95x@v{D%C9Yy_b?QoIMMQ2J8F_koKCk)Zv6sBIu8!3+@k-Rl z%#4+x;g6T2ghg_9cbAi^#_`oHeh{KHn>YUB9ovZ$e0miYW@cTb?(P>Zlt27ySABiG zxP*kW?$iHx^m7JGq#LITT-N4$i=BCN3S`752At<+XL0PVC@N01Qt1C1Ep{!f$7IG{ zF*Th)+{6?sDk_#3KJIF2dj9g|!sgn->gwv1D53L@|Ln9`(zW5#p^3>!R!_w%R~%+~ zxtN*fihaM;*4o(FVH3Q<$w8AT#8CcwpRjD9Nb^Ae$7L&!_AmeHHO9&h|^AN|Xc%y9jBv z%$ae-zRn{gBqTDjbA@zTY_cYFn_WtuHLm%N+Eo@77PtF%w&V;AhXNSHge<#Pkw+1M zU9^~8Thba|i7d@uma<8qm701BH z(6HQD2*WCWyqmP-ns%QadG4az+PLIR5zYP)`pFZO+}a0+ZgD(T`>zb$V(Fr~@;Ykd%ao%r{6Hj8)*_Ne$!CQ%zE1V2E~J`HdipTuu2z zF-Ba3o!wij*f97R{ZMzNNuZw}DWC22>#grq;t_$7xR4h<#mC2g{5aj;|2!(H zPSspZt))If0G~htL<*ku0Y?4w>C@rEheJa{@pw8qI#?>qX8VsHKib-Kb1m@`24_$F z?ZCi5Vqzk8AE2aFUrFV=_O>=;R>~dAhUVrV??(x5D5Md@veVL(uU(50w(5PS6g&G9 zbMIZJgJ@q{TZ`PW+9emrc-PGA$M|AQDvN|f&zCRfb#z<-6OhfPw3?fm(ky#KuUz?t zow#@JUQ%LW3Z``R!rWY8+dg$o&C3a@3kwSor9zl5@q7Ib0Yias{Qa+7zfN6^``;Js zsjja6{P`TNiBmi^V9n_(8~^cUwmi-g;(mF#M~7eu&hPfN^YT=4Yb)0J!_%j73JMAi z4l8djzvSTH7-@`EN>KIi@Sv0ih$E%pY{H)j7}qCXPdRe*X!DNS94!-*6mXcgx3|wh zwu~w5!LE*~D%sn&hesP@8-cF_W50${NdNWMUwAg`0?dV^!|!gC1V7DUw%8YzmN5DI zNlAaSw%Xa+MoGG^H^l&Ms;{)PurO*U)F$OL zBV~p#vy@b6%}X}3J9jiRG`dS%quyIA(|MOoPELk#>mNLUv=QHcvGht@d?*a0IP#Y`^ek?kC3(U>LF(Crcre$F;=_C6uK)^P zZ|^iLrn-8pfXP*Rdm(A>t_A~L9c(aUrMcd_C=k4z^}eL@WmfaBvpWKkT)1!nk9Qlss4>VP4!^v&FI^Yhs_BPzdd}tNVD4v3ReF3ZjDy zaZ*ak(Zh$CJuz>~Q$GdVHXX^x{GAp?2C|=?wJWR0Njo!z)537}9?{Ms60sVGppX!a z`{d|ou2BsYqZ#vkdwbEdXT@Dsd2u}C6TF^0Vdgg3TVek`<5lOZQ(0NrY(sZv=X%>m ztyP(#u+`PMct1bC|_4k$Ft>b0!bD4{uWhBznwy|^6)YQUPMi7Ys#Ok?5Bqu76gHXTFaBF+(eGl;S zQ;?UB6tzqC^6~;GYu2+?=uq^TJppD^<4*K7x+>w(Gi-@kw3xNNMgr7PuT zW_G0;?)8_gtFJ#JC@5h!amY(QAt3=r8yg)Pkp;?ITU(>^iWapq#d@roBNiac71~YGYzs+A>8Yrszj^am zs>vqx!;mHZwC5w&;{;AyT-AB*K2`)b8E8 zi`{o5nVI!BSLZN{a$ZhW)(e*}C*|iKE>9a9yJKi*XlrX*^pBL36oNra>YI!VRRx99 zXU=2+JO~NhxOj0Gm*za0fkOH8=@g7`aL|C9oSd3E1h>DJvb?x>|HO#|rC7;eQ)I5mN4w>9!UY7IW)gMq~MJ*S=&^ z;y8VpoKgIJLPBdthqrzQRwz3w3(tdSeKl6{V{&qVX)8zQl_AIAwbfM(EiLTo9YAK( zi|#vHE5J$K7jGcE-marDP(aX9yKy5lIQZ?mce(C6Zp&Q5D(d1aMt7y@yn2e91jNJ& z5qW|ACnhEw>wZyseEj$^AfN&FlyX_6IC?bY?c3lNFUr1O!WjU7LNFmEAwiMgz3VV7 zEv+!3!TxgO>ihTa8yFhSjZev)$kiQAx#Ac7;sup0>wxvczG7!}B_$rLK|#Sf_BFx? zX1Cj(CN3qVuC~^6dvk4kd>jQln3ak=rmx~h1Z+Jq($ngnTsD?1^!4Kq4pLH1=lU9G z=4555q1fvyrSr0La5&Auk@)VNA)WE9TeB;D?#O(|yS;hV9uAMXACMd4syHi1oU2_Z zL9a%h8ULASf>VbT2jl_vqI-8W{IG3#RqEgUsSZ;e`sU_}ucGJ~7s`Ahz`>DRR3y&AB8?>6SL(p66k)Qd1V3{*4QWW$HLvelVyUj=omyKM1tpP_ zlYh3&Je;9{!fB6AM@jE6a)vABb(1+!d4~GsJ(2WcaXWIkT0K>FF5pLP?F2Z9RT-Rk6nps0@82cB4hF`(BlQus z%Tt~xxhn2Rpe#1lP7WMfdNW7I#m0bs;ZCmJ3#x)J#@|^K`l9ws}Rb$hWHc_W^wnf zimK{^+5W$_bCQxSU%5gi^)~-{VSfG^qQ;yLatt{MNm=;!u#pjCgpAcy$53Jsnx%F< zcOc~qHO@zdDmbKwa6o6PT>zE<6o62;`_Pb~fkD|V-r2wdzy*$T2AhHk0d@6#eeP@X z!*p5!bw#!>U%nJPbH@9Kaf7vw+sF9$T{|cLD(3~_!G5Glxo2Zz&}c2fcpKCqA|Go& z6E1(^#EGIw0u*a%`mFUNFt8C!n-7)$&oXW-a zpeFeiC45j}Ks_#P=bJTRGMF2YPrGBU>FMqC6guqLvj-5Un$1RxLu8qwD2hgIN`yOi zmkXe;Oha=|4-UNR%5NP@F~8ZdW>!#AjLdw0j-i5QMN+}**XNK?z&x?_(B}RS_xJ*4 zj%9+r`VT@77|Aqtb}sbwCE4~DYCsallF@0g)j!VHH!(Iw7#n)(6BjptbBDymx8Kad z;`)sn4Gj$==`=K)J`4hbQ=jLQZ;NDqixvx8d)Qg*oC~zPoDg>GCMkKnbE&!rck^yL zdwVJ!irko3xx&HFA)9U&%OKl2>(Y;XBi^#{_+b0z&;4J6SZDf5F+{UB^hzv6w%Q|% zbVD&iy(O+%>gu#st-$EWZ>#RKo;$A(W@cyi6xf~KUPmE-03nm<cl?z~!lGHErME$b7Y!7nPC8nX_DwfVuSw*E8 z<95DYlAdm@WE>@E7K#eT);1FaoVht?^#(bRo{)J5FW@HV>;7wbl_>A(yK=2~Zf3pD z$yvsE)Ya7`j*Av^_@tfxy}sW3%j4a^|A_dU!*Za$y}U}?cNm!$fhR7%JUQ^=qKwRJ zoFj1@iW5A8gM$N=k0*rzFCB3l&dzy{J$$q$jvtrVe~XHi*2>E2-H-7@Bu`}HfvTq} z{b&&$2-O1v1O4gb4<8h93LO>po4-?LUteEGmK5aUbJ|=@FD!I^@L)Y&F7Rzaf`EVk z&@ZL5g!V-@w{095A0BVu2~JMVaN)R&j2BnmnVFgnT2)q5c*ouCPIj$&b{IoN7Cpto z(^ylZpRZDYw49RSm#}s3bZuqjFrETjc|bq_PIGL{d+U#Un0N&El?jibl=WSP+0gNm;d2~hLGpa@0gjDJ8;*TBWJ9V z0^c(;$Kf!0Dqp_5Z+nXqfMgg8%}Ht_R*MI_(7nNO;>7JccN{0%xC8~WQTTw%q8#c9 z4i5I_YHe!+Rx&d;4}Si9OkZa%;CcQ&>_6ZJOenHn(52)1%e||rSogfSNg)k9OEkrPs1~(E!rQmrKl2zu=$)y1ucSQ9W9VPaeqXx1PP+3R0VFxux4MBvNK;nU zD}j8#`q;`_KGJ>r0RDzjfre1yV+c33w4A@YTFbBmfvIxan9e;aY?)VB2p|Za%u-P4 zM2MU}^aqXlC}5ux0nHn7^v$rkY+JG(b+>ZWXdz9BZz)x4U9%^Q+;^3cdA*Iq=*% z6oE0NPos}7B&J)rS+VYLZwXm;r0L@el0Y7~w_i0cb3tsww4{&FiVR>slr_ampY ztSnSP&hqlUNlACj%|Ap$9G3j-^V7Y_XTakFg|uVxg#=Zf+@hy0i)ouo?;S+ArM(gD z5E~jAEN6O)wQ|faU%e_zjLFd}wD%9+o9cj>-&0Md5cPZD+dqhxM}^Eaq@~Ls#E_7Z zqVnt*t@--(p0#zp&9HA~ra=16*($;@186PRvXLH2<}4s{BM-mAw~@4?W6Nz_H2li0%4$Rz_P)xf^vmk*cL_B z{QSK7C+)*$?kJm@axCyNgl0dl*?E>SGCInpd-TYWs)~vtx2?#)K&5NfY(c)RUOWa` z6jhq;$1;E(+=yQ4L{6|4U3c;pW)Q4wk?m*zkQj=+pQJ`sQuKaQl$85ONNO7zs!B&C z9xP%53C_IH*mHI;lajD);!=~6lW(To`VuK<_V=z`I2xdZ!7y}~4CUB5^B-L<6^>6M zSC#1w{AR8@3V&oA%%P_9vgj>x0^L(_ zNIY{iCzE(8s($F)@5_c&9hS~zJLKmj#!ABZRz?AAK~e-fdnWEU+fT^83d;1PoE#j| z-Ol6z-YPluQRg^Y%NK|v6u||$Z*S(OrOhJyVPGKX4jw#+k_{#LS0n!1>}N*=ed+Q6 ztn2v6b2Bd}UG?TPtKfaM7CxAxBfcyt(0llJF1NQ#PgPA<8fl0M_OcZ4qo ztUT_H0ETR_TB=m!(3g8c0E~!`kWj8wpOB!Szn`DsC(|-))pRumw>fWN1Lsl&wx13q zTWfg-Pbz*+y^1@lU%!rMFwWyecGQbPRayCKZLNW(yrSZV;^Jt>uJY=>7nhEY9AuXM z+S@BBB(w}h3sI&F9cvXk9doUPv!;c^33gvs{hrSxk1HOOKDLl!; z!^FtgpzV0`W+bSQq@+`B>q#Fz{G!XjlRkWS&dDkN%*&W8Mo-W>Kfq;l_w>xAob0~w zh~kKd&G7{;>v~~pdd;gnTa)y;E<4o`FRXM z)_ivzt008C8Y6y6S%5c4l-{>RZit1*UsqQT!~*#EM2Og)tUEIN>lXr*#_!qw8;7o< z5Ic747Vr*dn5PI$!lzHVV1v4q@Jtuto5NF&*m&yQE7JoMuy=4s)kyz)rVdETk!OPp zVi#`gol8$n6CiiEFzMR6ww4wn6BDTii+7+@Ror*^K({R_EUbR>=8-=75kk!(;X@G? z8amS7|N8A)&yERSt^E>nt>2jVjl6SnSAGNM%=G%FhE=Q7d{iH3%i2BxH23BW%Lwl* zsT7Kh^qTs@T}z3n{fY7M9vy_T6NLei`qbr>6C51A6fBmu`uQ(!LMTH$f=jvL_#@Nh zQ-6(L>6bl!{`{p&-cId9yU0rl66(p0G8^5w6CM;ahocM9ht;$G+c$u{SP5q@J-*=_ z8f2kCnhVQ0wbN6d(?5de02j+IAmEdWGG~>!d{08|LiXZCspy$$41;|)^bxkO)aRncnd%h*G0UU zwf{QEHeTV#X2m%?w3D&DzwyB2#Q;d^0Q3=1v=FzD>KG(lI?Bo(%dmi2JazgsemjzRJQ(Y8vh2WSuUhtgtyIn}{~PThOIDc-n|10sfvZEqL#V^HCZ6pAu_j|U2IAE4g=GbAZH8=FqVViy+|U~Ncj54JOj0fnFvtR{S!pSKw# zy<%@W+Te<4bnhOozpTR5tDvzs=7Iq6yuH6dMVe)m)75nY>5L@Dd*;kkD+kov6&yhz zESf`y4$;zrJ@-qg@Fnd!W2-BPvMZ0y0eUojJ`hehKJhmosUYx~ zYinx*a=E$|KYONVV#4NTfH-(kXhO`!-u?g?nd{~%fp5S)<>g5>#OVY1?V$-=OH>rG z9`tVKXIHdfY`5fL@Fcq5~tR;IhET`XSUWDJaq z(12Y!d>B;>$YFUGt#1Y(i%y%d}2>ZlYT zyf)U=LFS_0p61Aneo`K*0xBUCG#Ek;e!RGOZp14#wy&#e1DoXH#fxB&;bj03Br#qB z^ufZ##lXmj0?*Kpwf6^$C*6KotW)o0EK)MS6;Mex$**STd#o%hgA)@4V6DNs+_-UL zdu=q9Nz&z(oAd!;95L5?66kY=#>QS08EI*bSZ%PKy%*fNZstWZoMlYre3yf#(kXth zv^?DfH2_NtGJN&NKF9v_6)X&xTV#yFf&u{d04x6L2mK={5>jF?9{l?C3x#Lsqw7;q zjjT4y0+PSG)~8XU93*f03|fH+`3W%-Ap#5nq|=w7p*PgkN84mXVr23Jw^I$0Ho^ZA zlaR!Kfdl*z_Y!vLyE=9B9-(}YGN>S?^0|-Y$1z~qNMSGjYK?w%(&|^+%oL zld25H3I>r3oOu)=U)$R3@tgX}g1o%3v9WN3jPUR?XUowVP0Lbj*A5q%z&GdU>X=QQI4=HwtdP z=XHoVvhf4tedB8!nEcs7J(F*dw*g70sLCYYrKYB0i{ic*CL;Enwg_XZB!q2<6?mG= z{X~^moa%}SBglgwEg;lXJmt0FOpcE?MBE3HVQ+7bow@35+Iumm=2w6JEmQz-?TDN` z3o)R-F=N02+z6_8Y*OeMI2M4^+F5s+J@*}ixQM|ov{pKs;lJG6-1yZQVPPeC`N6Zl zUk#~LA;`LFYrl$)W>^R-!`F@t7 z)_vP)X`=PiwZy#qd~j8iNmA9(PYzO0e74fH#*OdaSG;s-Z0%9Ke}2A*+tF3*i9P%2 z&WRU&VC!ioB>ERGP#s~oD7CLVn?zWN26q5v6;j^J=;*um@4v>Mvn<|Aj^{-ktdnW% zpO7$|Y0}88o!9hoG+RK}-19lgd637xzO~TYDWuE2$X;k<3{G@=C^Ny!2G(&bpk2w$IF=5N?+>J@BzU` zGVtrq#??Hl$=t%iLd^pjR6c6Dy1&QAMO@bx;Xr}=2s1s<*KTX}W{Qon zqIhnhN_Fix)m`K?q^lyHj<}glAJ<)$HAk!GQF;kk^}6(b{!2h0lWF6%Hr2+Z4|-2h zQ>{>+qr@&%xQhvNwB6xO_-nSu$=SKRy?yUL|G0Dwf}6ksL1s8^Sv|M3l+b*K?dq%5 zN0e?WblV9tT`4XC%h9`u#!^9dq0*TLBOV~Ev)HEe-Dm4~iL3bUz{*>^C{jDBt=*zf z7GN)?Zqx4mOdbq-0q7ns(ns{Jj`PtFo z686u^=y-)2Rk7QrGID~W19T=mz2dtcB9ba`>Np=jtoAd#V2Z!FJ>?{lYC@6)ki^4- zGXj?!5fgKDQ&lGwXSWCi4=?X*is6Qvnx|AZ;a>hFU7AD>V@aZ~TA7+Y01v0ASWl49 zZ{L+tVq3npwq(-{d;ky60VdD&nVlJey#vJ^j)=w{^1o)w$>@0d0mkJ5=*Op~ppl5X zZJyn}RoH7|YkQi9$Kl?+v6?F)Qpd}fes3&u?8x>_a}s@4N{Ea5^7ZQ-SfId@RCr96 z{%ri=v!&)XF!!%-km%lGO2B`Z2_OD1Z39k0rXDv?tyL3n__2x6_{3*$-(jNzL^9`7h+01h>XmpW6U^dtKcm zQa8O6+&`NuQaP8a)A*id#%D}=pDHvs-MW?0SwL5DXyIkP$@k<^Cu;IOA=Q;)H{Is% zi46UnPuu6#M?_q&C2aHhVR2i#d&J9Vb;aSAFA`^t z&`J}xLWPeOTPdU^xJw>N&Zmsz0SiDdpqJv{;@aXa4OCCD_c}?BP^= z^@f;w_tLbuz!<^m47-dMf15pfx|H*rTQsy~?>=tnF<_tBU{UXAD8{YX-q0PLcWM&0rB07GZ4RV)Mn>;we$zMdZcMq?8b z2Si>dg?H}UA;{kR{4X@X>F|I%$8h(PkpB=?>OH3qGA#7J7!QS(^ zZ@X}W9KqJ+jERnxfWOG|IhdXh`ENBf=ZQf%Jbn5!Dl!reCn_RR?7Gny^3~g$n3R;% z&Ta|G2t`7sd20F_jm|Lo+_c2voa`7ny^wh5aR7eam=bxhH4mi*xZq;m)TSZ9VKMX4A67f;m4z zR!k&Q??g~;O7Ue{F)Z)~UKO?P|FXCIGre6YXH@AzN@O90w8~FAY)@0BTK==^RWk#7 zUHo4@p68el8`V3N_}iIb^TQry8MBF-)SAhz>MKNI(A> z#N=#PBR~-%*uX#vl<|MJJurAGqbdLegSrrwGW;PVIw@Lc-7_<#CXI}ck%0joI67u! zxs+Ur4GR-?UN#5WhGPfM#S15Ya1CGsVDp5Oo#(nCq@s4~)-4TN0}b1{%ljuG|?wDG&o1S$9-y7o^lJ zD5Ygd28WlTXO4ua4n4BV(>Dv-VRuRR?+vB(>FVWH~-mw{|o<--4k*?6;1h?v|w1 z&-azJDP&K{4i3o?lTi+L3Ef>C5`}CW7vQ>QH(=ZA{iQgk_eKjAYhF|wvoG33UfH!#`DJk3W;}sPZoEmB8 zu3l|`{T60%Ky4&ZsMxZ^pgIXG7LuTdi01k81JDK8Xrv&YFfr*F85!NXH@h&}2vd~@ z1*#w{KRus;jEl=Af!}A8s4apv-un6T=av>Vh|S1`RCnhH%mO5>iI!8~(tA%3w&uf& zJT~1qIYN6pm`|P*y4U|1w0?L*gsUCpsZ&X?68h7Nd?nFb5`oBPnZWV0n#8Ax z^W`9;T#psZ$+|@+bf@VUs2FEwXOObXFW^?t(bfhhg?xaT1@R0S|h z_V+&&&H)Jmg?e>;9j<(oz49FxT-`m^ORaFOd z{ zou2hQ@l-9)X?&;w86y2bZX1x@O)y~6g) zo{~BDl?D$vHNUghy!_}<*`dvk!R&qa_HA!Q3T*|wA&%qYXJPr9e!IF0R!l&gZ}s&w zoErTT6SaKR0QJ=Y49;_d7jdlA)z#&yrS290b~KNm3dagkNJD#uLx{jK-G@QOU>gex zfdIbcf&x+KYx;C5o#;N1k&(1I8~AU6`a}!W;tuK~&^bsK&=T(3+M=*JTDQNR&DoQ} zW3G|6>C-1}&*xyvwnNwQ_hN}raaM@`v&qfmw%sVgl5TFbkJPq-fp33Tk<&s;(lwt` zj@#erHB>ggvfh-xoB8bR!@*RN789pC1+UdNkxaySt$={s8q5+sOlz!)DV)v)&P`MeLz= z-KWjF-E!v_>36g4<|FYrGeb2hCviXHVt~GP?0i1&dC7+B|Gl)5R-cJ>6ep)Ogxmc` z&aev#+RY7CR>(Oj7;Ev!p4`c7m3b*kj5A0e)j+7q%gfVw`GetK_0IpY!2ZW(J@sHq zd-vVD;|R$y0D-Bc+oo1l;0iAigV@;Scs2ZJ58N*mJ!5D@0Kr~yw=ga3c{mr$I-r|~ znE_G^j{POg4vq2BrAx5G*p3sL18N zB>7K8ElU}4eXosNlJkw^@V$2FxTo@o9~YRv9;Z_AURNHd^=c@{Y2=DaOo(c0Nf7tE zaG>_c{s{5gwZUL?&>t`qf9KM1syTA4{}K=Ok{$7+fF8VQ`Ut5Isp`0_b69ZjW+vC& zy9W*&z?u-pK`giW&*cajg5MS_>g3kO%F@yjm@=G$gXkRqAD@+V-_h}`mp;%T4EM&m zZ(+FX>nqL3m`527eXYuhyqds$$;m-PftC$xAjQttpFi`nvJmFtq5e68ga<1NQDbfO zte$yjNC-3;kf154JF!P|(1viHB?u%Kq>1*<&RRo1{9$=n8FV^5UEP?lFsRQWn^Cuo z0hmI(h)*0k6B)Sf;-fAftaRb#*^<{^e$`zoAMroDS(0u$+Ea`AaZrgNx3|T_b+t&> zjig3wyQeE~`eLkT(NG^!(W(7ZMG-o}=fVfY?bCdNDYi!~kF{Q`9-N<~l0|f%S0sd-D)geLApMX&5-Uy=0CkiNwrxSD;g;}wts)Lqw4jZ&Bh-b zMtg}XhJ{cZH-QC(F<=`?;3JARXatj37 zOjmB8blhT&Ck!<(cM}8^!Tmr^{X2oWzw(Uu*U)y+*475m8tzBJmUzb`@!$+ZT6J|S zUOs+RFYE~}GbcB<>*r4{03!%y(3vXa;6l%LT1bR}2VOhSNVCnwIPgGIS1(^qM?Vjo zc?hGz<{h88VnFvNzI{t~`0zzJIRPbj3px>Gv9Dl@ca&mphm*fiYNzPI(gZX&Bu-rC ztTEl{>#lwCJJ0G~ec)_v{&p5YXa%sf)_u4~fWF2SDJ$-g$6 z1~o@X_Yz+VXb6@geqz!h8pxoiU-0P^_oavg30}^48s@B4gFFhUnpKT})`(3|7Lvxa z%*RjE=Kge9eYAJx+tuN%y1m1aoTjGJ2KDQGOq%x?g!A5%END9U4IcX<_2IUApz}N0 z*{X%Bm0mtOQ_82QFE6N2U8U`75Lf?tV`8U6@OA}#^!Z-v8PvKTi&f-@A`Y^~XysPR zw#lftY<=VJDkZ&|sMgH)i{CO0tG#f|>14I-kFMdjahNsLq!tv}l4M>#5sTq}P6ex+lHv@3 zV#mDr&$V|{E9ZuGQmM2(pA$!LHn(24-gIoFUDG$D_I&aLc>x;O;)OOhgl16h^}s-A zq=U94b$k!u;}5Nrqe4$^?VS2j>GQk>N@Gmpj^3}l<5WJbZ{UZ5L&H7IKET({@AC2Q zIC^esFUSZVo3%(=wy$X1iH~3X>w(~E9_`LQxHQ4|o19GIew2zz8gBo`k0C0(S4&2F znPl;wM!D_fE~|>iD2QO@K#~4m*0!UuvvWgoAbwGatE;IU^Mv;dG2s&io0_@<+XHqS z+?%mZcK1bf^z__uFQE1M;r{aDsK$Ww3FPOycPrIQ?oH$OJ)2&fP|$@JUq2i+Z*c!5 zp=hy1bFwVVInW8fmPw@25QafCn>l_lU~+1z{uZxya|&V?^UE59p!JEzDk>_tJK8&s zQ`J;gk0SMTkC@-Rt6AhYhk*Ck!vjkC*!_ZkjaJ}NXgM|RjW#gAx{PB5sDrW-syVA? z3|MxI3MvAMiVWI36o-!=|1B&meED(>Ag6Yz8w0bEnb~PJHo228w>CG?LDccb|8oTP zT$tVA*x--gM1$gj>A%NADheSOZJvjysr`L@rHO%diyi06P_V++qo;EZ%M0^pHz*WT z#T3%8T@9Z->LYWr_<^0SZZC+PEVR2wg8&2(g1Z-IW-eg5!2LmdFf}uSbsXJu5WFa* zVW*HK77-P-;k>4;Esm}S?7Ba6<833OW1jHGN}vv-@;L)`2xIg7xba{v8<}M3!x6&s5Pfd^t`d?v5s{lsF{9(e;9!Pf^#RZ49v-_SZ=;*-!qWq;v;AL?C;s{8pMXq> zm=$m;I2dpjmRJw%k-meBPp<%rdT>}+AK(Y6c8vx zw=3EVpFdZ=bLV|@Gzf!Nv9WqCF5+{}WJdhJDo2>Hk*9hs|MvT9*BgK=YA#8iZ~>w%)fX?m&suGf5wGRtjjXPYh&ilMQzy9X6!VF1{s?02 z6D}%Qh)bzkobF<5==Ph;LoR^neQ{|Cd?`-Lq;TajLrYs5qm-Kq=uY4~Oo7)wf8OBm zdUOngu9MR@KE97WK7Vs?5Hri1BwwCYR=jdu@hW4{-GeMIDW&A{xoZ}u~O2#)6396q}7mmlqE zamR<3j%Rp!E;h%vEZ$$sJIi-8YR6c>IcSK`)e5!^>^~~%iUpEwXRI(P_tWg`h)(6- z6BOLl{_U|X<#rPhVb4@{%X+$prVyDDIdxBR$THGmc<^u1do4 zeCD}3+xF4JeZ#+^y8Ygg=~kaRt0%gMBHzS!2?$V1V`|^f(D=8fvU=WRlr+Brmt(e+ zdjNazi040^%9AhIHf?N(nbVW5!B;)e7%NBYDt_-=S+8zI#oM*z=`T@2t?0xTzW=^y ztXZ(P_xN9bsVFE!K9y@PbkLdUCF9_x5fuE$!!I5Bap}{&sunXX4n{!1?n% zGku2lMWwx=a61l^{Y6SUD3Dd^=3hGYDY;DVmX6M|&d$bEF)=jM5;NDP>G$X{w)$r0 z{+OI#_t-0Z@#5v_Uak)*r{90-)zt0|3ab{r&+ZfJzUp&OhA5cl0>gR>&#R%%pFidvCi_V_hhZThECjdc45Pi$Nx8Do+n z31sjqJ-Kh6%ANyLiOqE1zHtRI`CW}X{ywhRW%PiwcW;Mx^ElIu4|iPW-;(G0Ug4=4 zLN}SpPsGthoqL?HX2)#iX73^_LKBZ*PeJQ-6~2!0UCb@_M*}Ll^H~nE&66>4pRxb& zI`oE;{GAf#uvmEpUiXsE?^Q0iZTL5LcZWv$QkcRuUeTgH{~rC+{h@KLtwM>MOPI#n}LT0l!q zc$C*t1eZuj< z1GobaV0o3Gyu+(Zwr}6sP@t5&f&w(T&8;oiS}5r0QREn)5q@;^>CQ5bzw8G7;>F9C zHAWfmZNNl_?Cec3zqCY6Nr@(eLPTeeFT4T*U4;&*Aj9xCKqa%;j!sT!q^VdaAL1jWKmj{KjsT@Bm*wqWgk z*LBH7+ZgBtMv-5uW89+A0XtMyuo{CI1tuYw8gv1+1}o7E4H1aNlXt%snggS+20nX+ zM$eSgR5<5NTn;Z-Lk@=+^!4l4{{DU#pkhUAy#fPyP>r5D*N@I9Xbb2k`7*lyz=531 zOlPDr%v2zQSSVh(KtYg4;r9Zq2Spvd(4grxSm^nUz5+iH0xS$dKxzF$Ok?-gVSfON z3?T`@0+!vBl4qH2v;B`!Q)htxK%Ri#hxs8QJbcw+=?}Oj+TPXY*r<8$UK*4!ny`T* zutQY3k2|0g!t9}EH3V%%#OP^*AD)(wkV8R!Y;QVkc22`d0^9W_%nER|c{csaXJ0=4 z0`3G4j|(?$(B$$06vBt|gyKbLD5IFYxv_B~3_IutfQjz)c@MZe;RpR0#xEpPr8fq1 zo~bF!%}Akm2S^bb+xYpZ$ZOE7xEk$;wJFTY1E$`^e4LFfEF^@`KNArZ<*wEGC;dJw zS>|fDhNvrj;X)XfR+YsbNN$@?pr56s@y7HITEYB7DGetX2v|oU9}474bOD^5Ytce( z0{2=P3YR}x402fT|AX0id1rN38=}R~bPQC2jyQiMeM)L-;AtZ~q^W6SNJ#6?pFR{o z4EhHyU%ws_Ui$t$y7!|T#U3n

@lW`QOK4`mJTtjVUGM{^}=+$T)+7OiWJ|Djjdu z>@Vlt=3!L`ryaclVbT@dZwBZF$<1{D1_%kcKE5Mqw2Dd#T^#VITVPF9RjI5S>Am!2 z4E!mmC@7BU0yd<3)^466!~mkzpNpc^g#Kvv?V`d$F`?}gihkhv(e-F0xoL7#}UeDilclq|{ z(Rp4~3K2)5WO%x7^w<9RzBh9%4_!BtqI(Luvab}x)M7%K8 zNPH5xkGS^o?tjjoZ+I86CKVpJx{t*0^Vs}?Th@qfyKAc1-29i7>>`tIN5KrDNFgR8 z!!b{lPbk>pME}#Sy$4WzP=i5CG)Ex;l!PGwzykaB?95oPbai!^7#U$dn}WKN+FnIx zMZp~N1uxhy32m6d!YgG@NI{FmxXDA&!&X3-DE!3Bzk4=@!}PW%^>zx%#r6^rotqTk z9KtoojtYrG_XXXwGnTA64yzzG4wM}+%kHyyi;j}y+S?jU)EfXA3yX`JeLLF@Q5j%_ z5D$Rmu(5}d-o-@n>Pv5B!k0M?#rL3+_`vY6-B1;0M86CW3aT0g3X0dU zgx)xVO5gYI*G>luNIq8x8n1HA&DRpq|#$+=Z2{$`Z^;zi~q8 zj+;|Y!DMxySxWM=9)*;b;SqLpXWrw}pUth^ zK6~aTDM`DvX_}GYD{N6qCw_J&yZu=gLDRYUO8>9}U^|R}uz)oMnges>ptlmn9{&!DHuFrhd2)T!UzL>NmyJEen^yQp<~Id z;Myam*5#NqpFX+F#c4U!ed;=gf6qa}4a2`2c7Xd6sgB8QRlociM~Eqkv4SCst{ghXiWeHh@E(L&D9F6G&Z(&de}ax-fXo0~3gQ4S z-Y|#Lf13&sib>e=6<(QwH&CGG?;s=N?}344Ko4|R>s&$nk&*F~Pr&;upeG}~E~S1- z`f!Fxv}Jz$omk0sL3dSEQy0$C=bpy?XJ+_))lnk%RsjU~+ zz^M|-9m0NSBqrttPtmQhX&{CE-zN8}J|-na@Za{8Pe7N@wUk!>HkYlXcEq1o63%eb z6@xHA8nhb%KU5%5h>gB(fbIvFf$?59Fei0J5bw|QI4UbEy+RoT|b3bOL&i0 zFCiEGR&iMUodyI$=oofk@AlL_m}V2NMw==d`q6N~%d7`0Fv2+{78g;~BayIkblI9sv#Wj+ zV8WftTx(h-_~vuZ!)JuJlg>X-KuS==z=W8f6oF6z z%s7#v^xi}|p$8IbxH~iV=UwZryYBZ3R`T+`=RIeiv!DI!y&pz^l7TX0=Tg6{VJe2W z_Mxc>8N3NxN#$JPLl(G#xEF9%(2xp(9p8he zQUG{13oE{?0QPPUo#a3;?G_PHR#BPW4Rp~4aMFWCRcN||m{=P0-(JYxFCr`&0@=aI zw%jH#J?QfGY5Q^OJfuJ&%?KzRuzFW6QUT~DAhy1VfGP|V=wyK`7}T7DojO;9T;6vd zcFV@vT4+efURk}F+!sWYS`sFFr2|q^gyqS_$?OE%RIMMNPCZHx0@Jo?g;pO~-`F5Q zzvp@a9EeaaD;D*YSNJMB+u_Z%ccg8Bm3-)E)M1z7Cr?&hbq@)F5Nu7@Z;JAShE5O< zVkan&U_t?RhyP>fKDT#z6^Bi=QUKKsh4Tjzk!GOs1l?ySsB8iR9cB3rN~hqcfIKR6 z?rMPa47A4z#|UIDY8vkp!se*J1q% zab->99zcAorFwO^DS%jUtWcc8vlVKkRLYo42?aB7LOFsS2=JkaS!DNaz0gP)(l0yd zD`agfmIE!%fG(SWFEBG3gybG{;nZD+73h-t=vDwmMZz5o{S!W-D6rnH3gUW&w z05}57%7!$ArBFd5i&KO!w!icav%tALC~&Iv{5}!z;{%T@v(D)1o>W)IhO|H+2{gQJ zZvas5;DAA}^9v|0j*1J7P`v0XK?=g`E}#%^)I@+2hB_gXN}}!?DuYqgfv4N6Ke3jH zhu}#lCIY8&W@aXHq7+TWq)2OghRlc z@;F_mm6c!DorgDX)vvAN2 z5*EI!t@j{5!D3f~xTUTx5WMfX7<@vAtR6UyjBQ{9dN&DEpumGdwIU*+Yf5zQUOTEC zghn_4N;uOv`tv*glN{O9^EfyFFsCEGos2Pcg*&SX`ot+?WiYCn9*| zg_XfT><*0!!iFR@wKTJE5R{5zu}EJrG6NGZq85+bO6d8f|5fm4|qw9lR!({5}u0YnP zJq5JG?tm2B_NXO{ZgoN#O@E(CftLdpzMJlXLTP~r?dhu3R~Q!Y0l)L#v4e2g4zztx z(EG&1wplEiAN(1*;g~_QUVq;8ToxYV%{(+V-xAgrwm9G&h}#{f4g`k^Igm5SaOQ!~ z805H!a0WwSuK!X>X@f8$aPM8w98n0%U%E?^%!SUWnfJfDs-0R46jcMPywYBHk3Ps` z02W0gOFzB?f~P{}zYIP<^BdR~RK$YNj*7bYs<^1dJ}3@=Z{hN73tzaRn*6g`5;!U7 z??>3nBn!d+y>f*iLm2dbG8Xvn;Nqiro|*IW3O!HGJN4W=;62;-%~|H4qH+ha^Ld$z zkBZCxj;4M|J4fr#D_q9k^snaUx2It#m#))z_sbvWpm3<8YpoM!Z^1m3Zb-j%xQT1E z|My(DP2RJPG;Eg&PB%yi-U^|uI3i!}|Jyx+d7_#-n~|XvBy`8Zj|=u3-V{zdUu2L5 zKmHHCx9pwlz9UKR^9_&+%QrAq6r8{3`r<2X$J60t=TzSrA>{DO*IEj23bsk_fcZiD8lhJ0mrl$Ivion4`DmYb&H3WzH#0}!|x_4-Pilg7+0|^(?WK?pNu}ce9 zFd`?98~@X1oF}a$VWfr&R8Tnc&frVgFrwtJBgF>nhLEbsS6eQ?n_XK7*xDbh*dnK# zlB1t?hk!OPe%_ z%`G=8)++WJ$>-O8!hc_8grgBRPxNISWt{F#?cF3QjipzdU0>YulZO3rnt6ZN&rwYO z@bS+w2;3jKroHAx!(SQj#}SIk$*-r_V+TSXaT*tcs&ceGJgLQ`WI8(75zg)tiE4NI zwISAH=7D4CwcA%m8x4wAzu~Z5@M$_Txzfz&gy0Z-n^FToUgo4|?ST?QeJ>j>EkBA` z<;Tzo=&frGk9@`Y*uzpH3=OkO44(J+T&YwSt(`8S!)hYTrGs8gN)8-@nep=Q(&pkr z{&+w+P=`)*4AnJe=VCfsS(y4Q__ar|Ej+bz zJc<1xSuMUvhH5yg?hyIYMgeW5RJ+BWCRAOQ;{P0#llGlgPu%Re8yxWPc)|zcLY5ql z8yj~xm^FUj_ZJ22vy_J#Oys4IlV3`9$J_JMu$PQ*WS>8q zfAzre3bCQXX;8nqYv}N1f%?QfpMIyD z<$06M0j?}etd@E~%Imwo@7EDekG8(E4*6#;&1J78h6rNPxz)>Nu7ULv@$z-V!v|J4;tR9kAj~@V!Q?W zi|w7W?AgwydUZAP4{HxbDB`tCXe_oOMdM2Fm*0z$F2079#Va&StNGIydNZmlrXQ*{ zLSQe63_KDrx%g>57uR!lkv2CjAx5psv9h1k+iAUvswhhSPL6UQI@(TPbq)Sk4UO_PnjaSc&mrp$2UJDffJJpY(fXEv_@zc{-*(beFew=}{K97tNc z{>P9ZC$C6h^~MYK8|MD^G z_cZ&s5`{(2&J;Koe}5CkQ788qPD>QfmUPgF(>4>?UAAHoFCV8FJP%}UU5!6Xej@rb zUW~>ayRMto%NQs7hPe^SwDN6f#L`O6aKyp&8vnp3lozn4Zgbu3n6F3~i|nDR8lts> z>O=XQ!q-S%6&!(*Qb$-F&z6|=DNT%SQ^o0Aj;bq{_?^h`-Oyy4az^OYD19k?kG~BL z-obc~cn&N&FJan=PfvSUP#JWkIC2?maM#%O+}nSlw8Iy{IcEbk-|DbRgd{(yfl9Hv^^Ee zu#+miZXj1qG@>dGpl|9nhJBHYQqAZyw4MJt)M#!U*8Va8M_O22RF6IA=%Ne z;|2&LJHHA+P~U?CHm&xV+fBxmF2(^$EB@|-IWdG+CWj~~7$c_zT3MsF-@~f%0LkRe zBz=-_HZ(ms^BF&+Eje|TfC6i=yaR6l5}=u&o(B=`!Hp|RWj^# z3MMl^p$eyX+`T49^0Tl3*4U5JzYcSQsYO7vrY!9`{oj-d)^Jb%QD_Hmh95yA_j+_kSlI+ z(*}o%jK|d#pi7#bjeNhqQO5*`ql!Je@1TCyw;hakmDuwn!P>leD{WRX3b1Iw&U= zx9`dUHn8u=AxK#!4wCZuwHA^*DUqyHq~E+g?629T1YhdCJ{h4G>)-0t8JYWRT58O{ z;pnpHax~HUGG8qFQOAUKJcG`Vpr)ca%ntKO%S3A0Nlu%lM7 zaaD={ZB1Vz_#0xqf)@Q~Ao{@I@nvi+lF-NR$fS3Az c67icPqlV#K@jD#_aH|~`&)c43Sl)>EFFBBps{jB1 literal 0 HcmV?d00001 diff --git a/assets/images/security/2fa/webauthn-nick.webp b/assets/images/security/2fa/webauthn-nick.webp new file mode 100644 index 0000000000000000000000000000000000000000..73db476252d088b84c70ca8b71b6e311d30bdfa8 GIT binary patch literal 11486 zcmaKS1y~%-((Wva2MO*3cXx;2?he5r=;H1WT!II8w-7uy!Ciue03o;rmtc33@0@%7 z=RW_rz1!RGRKL|-RogQ=vt8}TF|GdJqRg_%pEtGZHyCmR6TQ-G{%d8QnZB5k*Gqm|q93-tYT{NgQ zylKTq%bA-{Raccj+o&a5#MU~iO&(Wi(o`v48(*mqFM(I(?ru|s#ciOMN~q=GE=R63 zJYTB5d7vz-HH_u59TZY|QjU~Nqi8$H=QeWTU>L?_`=!_!=ez?3t>WyRO_gh9f}l0!k|)mKzGfY*JWspI3a%! z@G{87F>ATmVdbBkipYaX0XT-&BGLqL3*#7syU8I&P*A- z)Qa`3#Zf2G*Q=(&$LIRxiG#jzXdw`Re)NsI{UH!G}%Cu_CG=;SA;|b>}V_y8wX6I}v z8XX@u)EY=yL1hcK*VOt5$*+|T0RRgk;YFUw=D7T32gX{56?j+>fJoZ_^}N3QitAtg z?{$M)60t|xhrshgyf>kilmRSnpZV_{Nq-)5tVCGvS}eV3ey3#0xP+=qjJm{njVzbh z6jk1=WKWAc)Kgk7$n=7Jthqkp2t8svpnfx3fN<0+2+>W*o~ONsfFep)IU~;eS3V{& zdkt?~jnz7zFxCFt5@$2M|FkLjG2DY&Vlh_eE4HNm_dz#nLd`@r5d_S~FNn~0AL^Ff zJW#`mLc4hL_V?qZi@kVNsZXYZVyI*zDHvU;1H%Ok}LTOu8Hw#bQb5`8DxogDMYVNh`pR1K@7FbM41TMLjGjZ>5cB(;;B2P zgLOcNt}3#+eUOQvLas5l7-Ku(p+~-eP$p3wW5Dn4ZQMt2ps(P*q?D7NB`xgW1Ks*6 zl=WGC%91UvvE&lPrLsB-4S7YYjx5SoJbPU7-s`gV>)SYoJ3XQH#yfi$pU$;W6(rHz zLVeCCCBkL3^Pk-+8^Q`LVF)Qy(nrzXhdx}VCm`EMz#BBYO6)IkpFRy0lZW_<)9G9W z_kOUt!}xMn>GJN>+_G%Rhbp?Ikz7PM3I9_`CryjSelD4udKs9S?i@q1*fIDQcy@Rq z_yPGnae&xM_;U@hq=oX)s}f7uBf(Y8{p?(0l%1fuh-C=&>Wph=#F!5+l`!r)SUEv1qw+huiYRif+Fjg%3S8+P z3E9>=)Bd#LoWZs?vPmh8&1pm&k7;yURLgpPyiud#xP_Ngk>8wFmEr1W8eo zxO&$)Z8I!ze*dB<$r?)}m!o~L&aC+WjtY|hg<#R2)^SS?btvtl!R?82rL5VifUH-v zeuYQa>{n^bJMBk_FKp77wZ#EAq5#z=705~LS5?%Z_^e-D4aHRdTDG~VIb1(?_1S;! zx?JZqJZC@d+UFiHmxu-RE4Z?q&@@rlqzq^^r3A!RbqV%rYs4_ShORF) zec^!uP$x<#_@ohjRF!v*y&epB0b>F?dd8MQa|cB2dzZ4v%?xPp?FR6P45kx$Z(;fGtu0pZsNu#i zp4YIFSRQ#^06V+{nZn|AnEo75hi{7ZjSPOV0=P`aIk)BalKZ#!^faEYkK+>4SPZqm z2G`*LL(vzXsV_U-MhAiif|p-a2&5E7gbfmCrSiD6#1`s3%wLgr)W=CV=a1!UojU(}@GN5;W z3l7%0pahi@evyUG_gs;kT$J@7^EZ(MgYCu_rexvHYaYuE^A zmd5z-)_=Nq{igZK7H!befI}xc*wtvqq;aDL0KP3JE5zr0+eSS7E<@OYVp(r!wwmn+ zk@m(=wg2|gWG5`exB?~rVz7i8*3hoVbvHbWa|#e|`6Tl8a2fSv({9y|Zmn&x`U@$u zY#Zs$B4ma%p_{X(Ob?@p8_zCTqza99L#BF0c48b}KPRlxq%3kH0x!Ub-I5u=;m8U*eK3n{>Rg+j5OY1KpkbECwMciavA8Eg8@*Fg@RI>;0j#DPgJ$n z2ttGRwfJHb7~x&#FG2<1!*N`G5~KS_cDe|!ZcnByPv6uuWr!Z6O=GQqRoAZ)-kLwG zqE&~)3>*nL)})x$pf|F&aq#3k=7?!xl~}J%fK6b3rv%`T;gVQaPa^DXHNV6x>j&>k z&;e}ZG5y9wdpmMxFg|6Eh~eCD(;vk06btFWdlsDtvbjjIDA5QHit^Q+Gd2}pKtVk9 zv8glXCcptV`Q<1W_>ylx5Lj2I94%y18N^WczRrk0f5M-s4F!ljyTv)A2H1mAm{TLxWo48C2*K&i#ZVH2a?gTG8bKXF+IAhgNBx2!1#F@v z3$ThQ-($2vqy0&9!m8Bj<+L#h_3_ZudW4p4JxPWl0no>hs^2)LV+W1%GsurB4@r@* zUu@gOn$D=yaeMZ(Aybh?0?(o|Qy#no8C`;3eU$x5v<-^wh(VPIYeIqJ#D&a;yM-N> zDYB>a3B!sJsPJU8o%)h30q1w`R-|Js$ zv4QY=4;eObuoP1kerX4P^0BoeJq9{LLX2mWP@@Cik((=>Rfb$0RV$tpUB-5Z0*=ra zt03Dw-{hi|U`QHpz<`|Pe#-&)!H7+cSW&%-)Zyo1<0|Z*GUP_&y>SN)fc^;|RvZq>t^J}F1@*|Y`0q|<#4O(o|n=cq#- z=WFXXp`kRzUPVD65W*c!XKnZ>DO0GNUJ}d3f^vr9ZKyC6tGL7^Hv zA1qAUkix*MD)F?BRVCg?2hSNi;~v$^aFsnSKk?;+bv|e#k=@Ny<}{pPG#7t7{P`CB zw#>GYgsE2EQc=l3^)qqk#^CL`CnE^pilb;$fN`RF9Qy1Y94 z%mIik4KtK<-~t@Bj*8qNS6*kx!;cpGk zXOT0`de(n~o7Jj2)og4U#)9!l$A-(rH8sMWya+AR;(_DzYxsot>Luq%L&Z>h2&KdX{es zNBI{t7da)s$N7Yt?aVocGG2}dbFGK74VX;5)B4d62CF%$@mXQpi?$D;o@_XSp3|S0 z&FL6HhAzLZQ1QPhR+w!KIK;C{0!GevJ4c?X=T&b=Jcc0H9qw_yrqxx*XKzSB>_s*h z+TGb>6*Vu7^?c{Wnx8$zwdxjmIx_FzG$f#ZB&F4-dr0dnls?iBUW|}D4m75O=nR*E z;|{bFFZ=^RL1@@KpWgOYlS-Ko2rut~#wf;|_{nX(BUp+Aya|xzMpP5F*hLh3kJVln z3;40S;9ahjH#S!PsN-3G8&|?vd5%W@qBYiE`uBT!;poOWIW<}(ylLTvc(M1}JbXK( zqy?Ew-~!KUo&JmuKHUn4>?k{vIf-06n3-!aN13O!69nJ3{G(fkdA!e(>2~2A5 zf%45bvn>ix4oN#YTwG4ost(siPvBTkwTV410I&MV6jivw0n+)=3S-<%-=gTrSN5V~ zkY263mg;}e&kzz!{#B|Rz7R|+PEP-^@vFFE^7WDDb!OR7D~N3L#VaVCO3t1vdYR7s-(+hi5MAkVWVhPV62h$wAuB@N}IcpxtnN$jZH;Y8{vA|Of>1rWIi1A zPi}7oSi3EL!oKD(B4nzav)Y^6D#Z*XFYcy!ic0dBIcqzWGEQJ&T8-CS*4uLlpz%bQ zb3_2`{c4UijJewxG>xyvG$=n?+}lpCGEks?J?!H_TGd!i^Oc6>z)M-*iD1Ww<>vd^ zL1SO`SLCY4vycJZ7rW?G0HSc(S}+6!$X$=a6S^dx3;0l}8(26Fd7C(XX9Wh6T(iY|vncre=p zzMA7DQ6vk)R^D)k(`}cSeg9SnuF4A`g5MR>8 zqyNfvSBEG$fZ%rO!sPiaB)fm};41GSrVtsyXRqUdji8{|LMbHj z`<|)U=W{cJ4>sJB^?Yz-ogVMKEsnfHgqoyR2jS|k_2i1D;@Q@w(yMt`25 zpjE|7skwPIe4AH4E+@Rm-@jl20*u!cj9n-7UGk?!hfPHR{xzv>CQ|A0x@n^6{hun@ z!3G9ttB8_{PBQM_gA&T685DPt!H8Q!=&>n3oz5*H-o;#8m_+O-#?URBaA#3~(v=dH zL2JYGlOxr*Y`~_pq6?@MzMxnxt3Ue(qFho^6XJ>bJJ^pVQR{0Jg}doN;v`zyTQggu zh*M#tMs3R$ok2*NKW5WR*;DhIeu2sC6%$xl5yix=$%5E0UN=8?Ce6LTF3Dtyp5mA} zS~S7=cwh-x&6;}YG=&@KV^5B0EW&BfJAQ+3r2P^nudS%_1?KOJ_=I8A^8Q6;PwjGs z!Y_>Q2~_l6sS@QjHPS&_^9;_&dReQb{l8pgqd#*)gz0r@y)m3&Si}K39>{LP z;t>bP)N;m2OQMYn(qq+Z%V#HS(LyN@5LM4A@;XMv3DZL?+d~3)tb)%%oJkhQ*uD5& z-AJ`0E%|z=Y%me{_*J_UbXv!YR(d;2yy80f;=m{BppYPs_gCXv8Oz9C+k7Z@PN5v$ zlJc&>L0*=X1K5dm(jt0*Q!YSu_?r5_fz&g@!tE6uGWKu0Dv#XnF|+gF{0JWCGYAYk zyba#x#`HEUobofNt#`y6aah@WEf@fPda}7a;c^cIEg>}rjA!r9t#wsZ)t~8!LC-Fq63dl75zd%i#hg z`4D*c&k$jN(4`^zObTkUBV!rEJ0H(*sKMI+&82vnI>`x4OqD!z-LZv_W)Tr{k6nYW z8FY_$Q(mbSu4!j3`%yuv&^dPjnAjyLfzi5jDq~~g{RtR6%nfqY=w6CJlc0&6z`5S8 zE(FmAVeN4tiGFvzkxW>6xzORoOJtS?CQ8{-b1GKp_|G%^ff3J$u;|eQQ?2n%HZi2% zipi`^rh8}6gV1>!2Jztj#MGIQTAd=Iw>*9BD@qSbeY+}NvsttQ_CEB6h`hlIUqent zb8i8tXn-q}Z%H3>Jpi~R^@7-XoWW-8a_9(+g0TA|wClqweSH#O9lz^mSsWS$faB?Y zd(X%vF^i!vGdHI7r(>u(rlhj#xk(rdB5sOPKudnP)>H#KAQt&CXd{>8hd;C9q8zX_ zfV5-Z7&;t=HLB~2Mx+-;(+P`;Qt2oJ4%!UK8ab1~W`M3;JRv{Gwp%NHplYAVQnHT= z9@Ck;puyHwZS|xAYkgjjSX?A%_>2V_U!W(Kb_LY)nl>iQ5`;d56mLBv@i8JMWha2* z^D9)IL47Iu)sd_RG8GS5X@K?>yLxmeo(NaYDq&&NSjh*ZWM_o{)E5Wo z9HIeazeV`4^hYD``lFJpc41|x>@eCeW3KCjmI^q#snv3bIhZhewR?E!`^-k)<1Inf zmD&-|qc3*g^SUm(R*T!ExNiy*PUmDF)c3Bj!L)sMJ zlHszx#<;UKpB;zObdb@G0QL|Bm44pBc}0DkagKevRa9RVM=i>P@y9Y#{lg@@ zMKkXhbM~=(Q~OA(>UJ)B39fB@jl7RS$S%AQQi9K15r+Tot8oq$r34`{XQ=X@6WAmu z)k;0?D>B znaml@tNMyEzIyljfy{uBjrJEd^I21jCN#!H(wBNd{cg8>IV)j_*yu7hFcB`XmxuZ6 zi$lqkX4#WCD}J#a0hpl%%?8AEd8f6;A9Wp^D4RDrh>@}{-Vt}fCP=L4NHRr6*XOdTM)(5V;^~;- zW2S~~sE9UoObMe1A-WoO{f(H=?MXe#L?)wbm#pk{?3X-7i|$U;!78u#B3mr{KJote z2wxF=HUEHV0GPhG2n=T{3#C71J=e#J*2vBAgbfO_TIqPpQmq+4IViOTLfPwGRZFs% zRpEaNc#demeR+W<$MfB;OQSP+3}8fYvyDP)>Y5N9Kl_cd21{tz+0YIvUbAiSi%frc zE!D%Z`fHT4i36YZ$J30@n=97J0|Va~Ujb@gL~cx5UMVxnXoUNJRpFa%4mji5B=NG_ zbr8M&a$S|RIcE2nJiaFK*!YC+g`P*c-Ew8l(e<0GpZyKq1A)uECCz3ZaA21+_>Zpr z5BF0v?7ztwbW9~`HCD432M}f6y!!29Wvv{<;%9kg7UuA6YwPQ=3f^@m$zG%R@hRp? zL-cbldV_iyo&(<7rNjYc-fsk9D>YHgj$v6H#P`iLEg@p}-^M&Xp6`_5ynTVrSNap} zGkN=?*TrYzdkh_Cp*x2@T)esmvX!>nx)(Cd{YWqTiO@=dC-`~;h{K5OIX&*lxty_a zmh!fo?CMv#56Z{tSI~=UDQo(>0&{Y7Jv{DrNSm`&+XW|cQ9TKfcpl%?tXfHd*6bSI z>l@X*$s30}=ldTh6uVBYd|IF{{*2iEXu$~+G}I(I!oPBi9%y~Fd>k=1td{mR@S=!u z0@9KvU+=%SyIAW|wxhQwXJxv6Kmq_$zxMPD2clzyN%v7G?FU${HyI*tDHz?!j_Er1 zHvmC0qvJuUYs!y5Ofs_s`U22i9Dh+nJJ(wnj&kp}-lIQ=Cj6;P6%p9-%RjKYb?mGC zsS8&Vxt=LIXRxaYyJ4U9;Z&e%Z9O-As`I4_qjHMey%TigCmV$vPp0 zUrz-Q8t1*Ahb<&5`CocP(R^*?k-zEk1pCcpkZLOYOpEabxA^9loYzvu zr`v`l(H{r>7_Md2oiq>bCQ&OZ&kdn3IJ0i)h`byIj!2#gSXQ6Gg-Z;XFGXDn(>N@s zywBFwIJvfR1A`SPU|CSfA(&Be~%1x=NkQi z#){YB$6JD02mYemkf&d$(C6IyspUXdE_LN##8wxoCQ>+&dc;;gWGe2h$PjeB>k&1H zU?$93n16QXG5x4mDdP_4#tw5;u*{eT8(!|WR_kcc7_HM|NyyRHhZ(Pfqu*NSX`pEA z!`{^(@Iv?<>h~#1_gNVOnD)ar*Fv!Fs|+YYarLGX0id z_0wyq;((A}ybM1A#2GB~^2o;Q8iZdj7aNdkGP4Nmo5v+r372s&la0;dUcjele-#)x z4>+BwXF|7;kt+UP$|O^k!(4GpJ-gy{EM0}0x7K<4c62PAs8(2wQ61lI7XRN7#`ZVmJ3^SM|@k-BZHGB+?d{M{h=~kDc zkPUC^4s9YZP_pkt*bHY(#*ZW0xR7aV)?z&~_fTu^e3qe$!rO9#`dlgQa{L%aUK(5a zDTVCKaSCM+mR;rT7UiA7i}g4ODeS!OI~4U!Ar#S0A{<;7G4oyqvXbnRN3$(xnxP4i z6noDS?$A4`ml&@_FS`(bZ*fabmj(VSb7P9%rtIuig~XcqBtV&ckw7bUN>iwk??$%FdupXI+RfLf%=^7?*}m8fa!Z{3gMZO;R z{k)T-l;5X(vNqbqhSc~wQ>h;JOeM=#qvVDJws_VddW92?3?|v_)9*=3fGNpI%fpTK z$MeO)yYy*+yf5`f(kau;_y-zID8VO|MZOeG$y5#J6An36`F2J_l5awBwrorZ+wa~l zblTrh_wk^kKbFueU3@tW%q%>+ufSYlSc`k?5@J}3;grp#IjhlWCE1khGk$4u5wC|d z?kd+|*A~3WSLwVK$b4{fK}e-s$R@zQs}v3~obowc$Wglvxq2+GhVU3jwL71=Y1kZ< z8Y@-ilwjuY*FwHk-kWvbvNON2Gc1uQ^{gE}%l%-zqI*8mu!OSyJ3qeRdw=~EB3Y?h zzv&gxxj!6jqQ4q%Bdh9+M^ds`>9HH$JNwm!@rx*S=Jh=(G>I-o^ar~4cPV*`S+Yaj zS<`J|nhra%PVHhahaqY^hTCkxkzbx6}Og`Ixe1lQGT$ z6*8ke%%1Ie@1Gde43FnZqUhqS)a4i=qMDvk_dJc5;;Lc?s(n6w!Z9Br`+d>TYy1Hd z&Q}fPssVex?;U*KlRX)Q+Gul>+*jzRMfpYR2qA+c0`umz~nwz*?fdUw8L@ z@EAuD6Q}&*w4=`jcz9^14PWRa9-4Trv8}n%MynFNis722Xkj)enfznQ##P;VGgY zezz2UKbn_if5N!0oe+i$R<~v%eLZ)$nBaYW7{4hs#xGIkXQ%FyC*0Du!^*kSG=uL& zMaba&vQBfop36`4vvVy2D`%axZ*}mepVD3T;iF#h3Wwj){F@`g1 z+l`v`Zd2Ss_ld)s0uk-cp8NX&Ro%1fN{>bhhk-aEJ_Tb!nTf_qV@)dF42uC7fzO1g zEBB@~?M#{V5ivshgfm|LBKB15lIHV{UoAzx^E4oGmxZugh|T{+rMl4rO6NF;w)o5`y6Vwz1G- zqJQBOD5m=t2L_7SLC|e`XqyeK98mlx?Y0tHZ6f}es|$+%6vV$TSt$B5`oCKlIVDvx r4i User Settings -### Step 2: Navigate to the Security tab and click on the Enroll button +#### Step 2: Navigate to the Security tab and click on the Enroll button Security Settings -### Step 3: Scan the QR code and enter the verification code +#### Step 3: Scan the QR code and enter the verification code @@ -46,7 +48,7 @@ If you don't already have an authenticator app and you're not sure which app to After scanning the QR code with your app, enter the six-digit code displayed in your app into the "Passcode" field of the settings form, then click "Verify". -### Step 4: Store your scratch token in a safe place +#### Step 4: Store your scratch token in a safe place If your phone ever breaks, gets lost or gets stolen, you can recover your account using the scratch token. @@ -59,12 +61,54 @@ This is shown to you right after setting up 2FA: Please store this token in a safe place. -### Step 5: Done! +#### Step 5: Done! That's it - you have now configured two-factor authentication for your account. From now on, each time you log into Codeberg you will be asked for an authentication code from your app, adding an extra layer of security over just using a password. +### WebAuthn + +If TOTP is configured, you can also add security keys to your account. These security keys are hardware devices that securely store cryptographic keys. They are either integrated on your device, like some phones' fingerprint scanners, or connect to it via USB or NFC. + +While you'll be able to recover access to your account using TOTP if your key breaks, if you can, you should add at least 2 security keys. + +#### Step 1: Navigate to your user settings + + + + User Settings + + +#### Step 2: Go to the security tab and locate the Security Keys section + +Look for `Security` on the list of settings. + +The `Security Keys` section should be right under the `Two-Factor Authentication` section where you configured TOTP. + +#### Step 3: Give your key a nickname + + + + WebAuthn key nickname input + + +Choose a nickname for your key and input it on the `Nickname` input. + +#### Step 4: Follow your browser's instructions + +Once you've decided on a nickname, click `Add Security Key` right under the `Nickname` input and follow your browser's instructions. + +#### Step 5: Done! + +WebAuthn is now configured for your account! Now, when you sign in, you'll be given a choice between using TOTP or WebAuthn. + +{% admonition "Tip" %} + +You can very likely use your WebAuthn security key to secure your SSH key, learn more about this on (Adding an SSH key to your account)[/security/ssh-key]). + +{% endadmonition %} + ## Personal access token If you push to Codeberg via HTTP (see [Clone & Commit via HTTP](/git/clone-commit-via-http)), an extra step will be needed to create a personal access token. This token will replace your normal password (+ authentication code) on Codeberg. @@ -119,4 +163,4 @@ Codeberg's instance of Forgejo is using an [OTP library](https://github.com/pque Previous Current Next ``` -Codeberg's server is always at the **Current** period. If a token of the **Previous** period is submitted, which was generated between 00:00-00:30, it will be accepted, as long as that token was submitted between 00:30-01:00. So at a minimum you always got 30 seconds to submit the token, before it becomes "invalid" and Codeberg always accept two codes (**Previous**, **Current**) \ No newline at end of file +Codeberg's server is always at the **Current** period. If a token of the **Previous** period is submitted, which was generated between 00:00-00:30, it will be accepted, as long as that token was submitted between 00:30-01:00. So at a minimum you always got 30 seconds to submit the token, before it becomes "invalid" and Codeberg always accept two codes (**Previous**, **Current**) diff --git a/content/security/ssh-key.md b/content/security/ssh-key.md index 9781792..8be3c59 100644 --- a/content/security/ssh-key.md +++ b/content/security/ssh-key.md @@ -35,6 +35,24 @@ It is recommended to use one key per client. This means that if you access your Your private key can be protected by a passphrase. This adds a layer of authentication that increases security. Be aware that this will only be helpful for certain attack scenarios and does not offer 100% protection. It is recommended to keep your private key safe and - well - private. +### FIDO2 with OpenSSH + +1. Connect your security key and open a terminal + +2. Paste the text below + + ```shell + ssh-keygen -t ed25519-sk + ``` + +3. If you have set one on your key, you'll be prompted for your FIDO2 PIN. Enter it to continue + +4. When you're prompted to "Enter a file in which to save the key", press Enter. This accepts the default file location. + +5. You will be asked for a passphrase; enter one if you'd like, or leave the prompt empty. + +Keep in mind that now, every time you wish to use Codeberg over SSH, you must have your security key plugged in and will be prompted to touch it to continue. + ## Add the SSH key to Codeberg 1. Copy the SSH key to your clipboard. You must only copy the public key not the private one. You can identify it by the `.pub` suffix. By default, you can find the public key in `$HOME/.ssh/id_ed25519.pub`.