Document U2F deprecation

2022-02-25 10:46:01 +01:00 · 2022-02-25 10:46:01 +01:00 · 37740a3e6a
parent 39da9c64a9
commit 37740a3e6a
2 changed files with 7 additions and 5 deletions
--- a/doc/sources/admin/start.rst
+++ b/doc/sources/admin/start.rst
@ -180,7 +180,7 @@ Obsolete Backends                                                    Authenticat
 Second factor (:doc:`documentation<secondfactor>`)                   Authentication
 ==================================================================== ==============
 :doc:`TOTP-or-U2F<utotp2f>` |new|                                    ✔
-:doc:`U2F<u2f>` |new|                                                ✔
+:doc:`U2F<u2f>` |deprecated|                                         ✔
 :doc:`TOTP<totp2f>` *(Google Authenticator,...)* |new|               ✔
 :doc:`E-mail Second Factor<mail2f>` |new|                            ✔
 :doc:`External Second Factor<external2f>` *(OTP, SMS,...)* |new|     ✔
--- a/doc/sources/admin/u2f.rst
+++ b/doc/sources/admin/u2f.rst
@ -9,11 +9,13 @@ two-factor authentication using specialized USB or NFC devices.
 LLNG can propose to users to register their keys. When done, 2F
 registered users can not login without using their key.

+.. warning::

-.. tip::
-
-    Note that it's a second factor, not an authentication module.
-    Users are authenticated by both login form and U2F form.
+    Since February 2022, U2F is considered to be deprecated in Chrome and its
+    derivatives. Administrators must migrate to :doc:`WebAuthn <webauthn2f>`
+    instead. U2F security keys are compatible with WebAuthn but require a
+    :ref:`migration step <migrateu2ftowebauthn>` to be performed in
+    LemonLDAP::NG.

 Prerequisites and dependencies
 ------------------------------