[Feature Request] - Add Support for Hardware Security Keys

Use case or problem

As a cybersecurity professional frequently using Obsidian, I’ve realized the need for enhanced security measures beyond traditional password protection. The current OTP (One-Time Password) implementation via authentication apps is a step in the right direction, but it can be further fortified. My use case involves ensuring the highest level of security for my data in Obsidian, and I believe integrating Security Keys, such as YubiKeys, would substantially elevate our security infrastructure.

Proposed solution

I propose the implementation of Security Keys as an additional or alternative authentication method alongside the existing OTP system. Security Keys, like YubiKeys, offer several advantages:

  1. No Dependency on OTP Apps: This direct hardware-based authentication means users aren’t reliant on their phones or an app, streamlining the login process.
  2. Ease of Management for Multiple Keys: Users can easily add or revoke multiple Security Keys, offering flexibility and convenience in managing backup access.
  3. Reduced Risk from Lost Keys: Unlike phones that may store multiple OTPs, a lost Security Key doesn’t expose reusable passwords or codes, minimizing the risk of data compromise.
  4. Enhanced Protection Against Phishing: Security Keys are more resistant to phishing attacks than OTPs, as they require physical connection for authentication.

Implementing Security Keys would make Obsidian’s security more robust, user-friendly, and aligned with best security practices.


Example Implementation

To provide a clearer understanding of how this could be implemented in Obsidian, below is a screenshot from another service that successfully uses both Authenticator App and Security Keys. This example can serve as inspiration for how Obsidian might integrate multiple Security Keys.


Current workaround

Currently, the workaround involves using OTP via authentication apps like Authy or the Yubico Authenticator. While effective to an extent, this method lacks the enhanced security and convenience that Security Keys could provide.

Related feature requests

1 Like