diff --git a/docs/u_e-mailcow_ui-tfa.md b/docs/u_e-mailcow_ui-tfa.md
index 4e694e071..58e25c61f 100644
--- a/docs/u_e-mailcow_ui-tfa.md
+++ b/docs/u_e-mailcow_ui-tfa.md
@@ -1,10 +1,10 @@
-So far three methods for *Two-Factor Authentication* are implemented: U2F, Yubi OTP, and TOTP
+So far three methods for _Two-Factor Authentication_ are implemented: U2F, Yubi OTP, and TOTP
 
-- For U2F to work, you need an encrypted connection to the server (HTTPS) as well as a FIDO security key.
-- Both U2F and Yubi OTP work well with the fantastic [Yubikey](https://www.yubico.com).
-- While Yubi OTP needs an active internet connection and an API ID + key, U2F will work with any FIDO U2F USB key out of the box, but can only be used when mailcow is accessed over HTTPS.
-- U2F and Yubi OTP support multiple keys per user.
-- As the third TFA method mailcow uses TOTP: time-based one-time passwords. Those passwords can be generated with apps like "Google Authenticator" after initially scanning a QR code or entering the given secret manually.
+-   For U2F to work, you need an encrypted connection to the server (HTTPS) as well as a FIDO security key.
+-   Both U2F and Yubi OTP work well with the fantastic [Yubikey](https://www.yubico.com).
+-   While Yubi OTP needs an active internet connection and an API ID + key, U2F will work with any FIDO U2F USB key out of the box, but can only be used when mailcow is accessed over HTTPS.
+-   U2F and Yubi OTP support multiple keys per user.
+-   As the third TFA method mailcow uses TOTP: time-based one-time passwords. Those passwords can be generated with apps like "Google Authenticator" after initially scanning a QR code or entering the given secret manually.
 
 As administrator you are able to temporary disable a domain administrators TFA login until they successfully logged in.
 
@@ -19,8 +19,22 @@ The API ID, API key and the first 12 characters (your YubiKeys ID in modhex) are
 
 ### U2F
 
-Only Google Chrome (+derivatives) and Opera support U2F authentication to this day natively.
-Since version 67 Mozilla Firefox can handle U2F natively. ([Source](https://support.yubico.com/support/solutions/articles/15000017511-enabling-u2f-support-in-mozilla-firefox))
+To use U2F, the browser must support this standard.
+
+The following desktop browsers support this authentication type:
+
+-   Edge (>=79)
+-   Firefox (>=47, enabled by default since version 67)
+-   Chrome (>=41)
+-   Safari (>=13)
+-   Opera (40, >=42, not 41)
+
+The following mobile browsers support this authentication type:
+
+-   Safari on iOS (>=13.3)
+-   Firefox on Android (>=68)
+
+Sources: [caniuse.com](https://caniuse.com/u2f), [blog.mozilla.org](https://blog.mozilla.org/security/2019/08/05/web-authentication-in-firefox-for-android/)
 
 U2F works without an internet connection.