With all the data-breaches and insecurity on the internet, it would be helpful if Magento enabled FIDO strong-authentication as a standard feature to protect user accounts from getting hacked. Savvy users can then choose to protect themselves with a FIDO Authenticator instead of just userid/passwords. FIDO is an industry-standard security protocol for web-applications, currently enabled on sites like Google, Facebook, SFDC and many other sites. It will soon be standardized by the W3C for WebAuthentication. But, by having Magento include it as a standard feature, it will enable one of the strongest authentication protocols on the market for Magento sites and their customers. We will be happy to provide some source-code to enable this - we've already implemented the core protocol into Magento 2, but since we're not Magento experts, we'd ideally like to see Magento include/adapt it into their core product. Let me know how we can help further. Thanks.
... View more