Two-step authentication

Do you have two-step authentication implementation on the roadmap? (TOTP or similar)

If yes, when can we expect it?

Ignas

That isn’t on the Roadmap: Roadmap

It’s not on the roadmap but it’s definitely something that will be added possibly before end of this year.


Good to hear!! Will be waiting for it.

Also very interested in this feature.

Is there a way to activate Two-step authentication?

No.

Interesting, TOTP… Currently I’m relying on SSH server infrastructure (SSH port forwarding) and authentication (SSH keypairs) just to connect to the Manager server port. Overkill security :stuck_out_tongue:

Another is OpenVPN; I just couldn’t figure out how to configure ccd in Windows. Vague.

Don’t rely on Windows to do it (especially not Windows 10). Get a decent router to handle the tunnelling aspect - I’d suggest Ubiquiti’s EdgeRouter Lite (enterprise-grade hardware at a home-user price), but there are several other alternatives out there.

I’m at the point where I can tunnel with general settings. The ccd instructions they have on the website are usually for Linux. It’s hard to find an example for Windows showing how to do it visually.

I’m still not ready to jump to Linux due to the fact I’m a slow learner with command lines. So many things to remember.

I don’t even understand how OTP works, because I did trial and error with Android FreeOTP+ and some of Bitvise SSH Server’s TOTP features. Supposedly I don’t need to put in a password, but a 6-digit, 30-second-window code generated by FreeOTP. It always returned a wrong 6-digit passcode. My server’s time is the same as my phone’s.

Searching via Google, there are no details in layman’s terms that I could understand :stuck_out_tongue: as I’m a kinetic learner.

@Cognicom, is there a reason why you discourage me from relying on Windows? I only use my ISP Telekom Malaysia’s router, a TP-Link Archer C1200, on which the OpenVPN configuration is too simple, to the point that I have difficulty adjusting it.

Anyway, TOTP solves my issue of having to put an extra basic auth login before it reaches Manager’s login, to make a brute-force breach difficult.

I have Manager running as a VM under Docker on a Synology NAS, which is also in charge of the VPN through OpenVPN. I use the VPN not only for Manager but for all the services I run on the NAS, i.e. Samba, PHP file and workflow servers, file syncing to other servers.

I find OpenVPN very flexible since you can set the level of security and cryptography up to your needs.


Multiple reasons, but primarily:

  1. CPUs are made for generic workloads and most will bog down when faced with performing ongoing encryption/decryption,
  2. Windows introduces an additional layer of complexity (actually, two layers) to the process, slowing processing even further,
  3. OpenVPN for Windows uses Microsoft’s own CryptoAPI, which has had more than its fair share of bugs and vulnerabilities.

If you’re a single user connecting to your own network and you have fast/recent computers at both ends, you might be able to get away with this solution - but a proper hardware solution will always easily beat it (in both performance and security).

Ubiquiti’s EdgeRouter Lite costs only about 20% more than the Archer C1200 and will give you a near-enterprise-grade gateway. In swapping over you’ll also admittedly lose the WiFi functionality that your C1200 now gives you, so that’s an additional consideration if cost is an issue (but replacing your C1200 with an EdgeRouter and dedicated WAP should still set you back less than double the cost of the C1200).

This has gone well beyond the scope of this thread and even this forum, so if you’re interested in discussing this further, please send me a PM.


Is the Two-Step authentication feature already in place for the Cloud Version?