Hello dear VaultWarden community,
Just starting the password management with a fresh VW server.
I’d like to restrict the 2FA tools to only WebAuthn/Fido2 with hardware keys (typically Yubico security keys NFC) for the second factor.
For this purpose, I wanted to make only this one visible in the providers list, and I tried to disable the 3 other ones. Here is the result:
- _ENABLE_EMAIL_2FA=false is OK, the email 2FA has disappeared
- _ENABLE_DUO=FALSE and DUO_USE_IFRAME=false: fails, the Duo option is still listed in the 2FA providers list. That’s odd.
- And I did not find any parameter to disable the OTP Application, so this option is still available and users can still use it instead of only hardware security keys.
Here is the screenshot of the result:
What would you please advise me to do to avoid/disable these two unwanted methods?
(I am aware of the “necessity to have two security keys to avoid accidents when losing one key” principle/concept)
Many thanks!