On So, 07.03.21 19:24, Christian Kastner (ckk@xxxxxxxxxx) wrote: > Am I reading [1] directly in that the FIDO2 is intended to be as > 1FA? FIDO2 can be configured to take a PIN. In fact the FIDO2 support in systemd-cryptsetup when enrolling specifies that a PIN shall be necessary. As the PIN stuff is not an optional FIDO2 feature IIRC this is 2FA in all cases. Right now whether to require the FIDO2 PIN is not configurable. We could make it configurable though, so that you could use it in 1FA situations. Lennart -- Lennart Poettering, Berlin _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel