Archived Content from Web3Auth Community
This topic was originally posted by githubdiscussions on 8/1/2022.
This content has been migrated from our previous community forum to preserve valuable discussions.
Google authenticator is a very convenient solution to manage my multi-factor authentication setup.
I would like to use it with my web3auth account
Google Authenticator works similar to other FIDO WebAuthn stnadards, in that it uses a key generated on applications, and nonces + signatures on timestamps to create codes for specific applications.
As such, an attestation from Google Authenticator can't hold cryptographic material unless done via a proxy, making that factor potentially custodial
Whilst we can't use Google Authenticator in a non-custodial way out, there are alternatives on the mobile application level to just store device cryptographic material on that device - essentially achieving the same outcome of using ownership of a device to secure a users account. This is possible across the board on our SDKs