Account login with password and Yubikey

Hello

I have already read about this topic in the forum, but I would still like to bring it up again, as I also find this function not very useful.

I have configured a Yubikey for the Devolution account that hosts our Devoluton Hub. There is no Microsoft SSO account for this, and only this account has admin rights.

Now it should only be possible for administrators to log in with this account using the password and the Yubikey.

Even though the passkey cannot be set as the default Two-Step Verification Method in the Two-Step Verification Settings (see screenshot), the Yubikey works very well as a second factor.
Unfortunately, what can still be used as a second factor instead of the passkey is the OTP by e-mail. It MUST be possible to deactivate this function, as it completely undermines the Yubikey and makes our security processes extremely complicated.

I have noticed that an e-mail address is enforced as a recovery, as otherwise no second factor is possible at all. However, it would make sense to exclude this function as a second factor for account login. If necessary, the recovery keys are also an option.

It seems to me that the solution is not sufficiently implemented, as the message “Two-step verification is partially configured” is always displayed.

I hope you can implement these functions soon.

Thank you very much
Markus Grafenberger