Authenticator support

    @My1


    We could but that could disturb users that are lazy for typing their credentials each time they want to logon...

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    @My1


    Of course, I'll add it. Sorry for the misunderstanding ;)

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    nice and thanks to know.
    it somehow drives me crazy when a page that uses one time inputs (e.g. captcha or OTPs) doesnt have that set.

    asperger inside(tm)

    First YubiKeyAuth plugin version has been released.
    See YubiKeyAuth v1.0.0 RELEASED

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    Hello NUxwin
    Do I now have a USB key stick, or does it also without USB key.

    my System :

    - Distribution: Debian | Release: 9.13 | Codename: wheezy
    - i-MSCP Version: i-MSCP 1.5.3| Build: 20181208 | Codename: Ennio Morricone
    - Plugins installed: ClamAV (v. 1.3.0), Mailgraph (v 1.1.1), OpenDKIM (v 2.0.0), SpamAssassin (v 2.0.1)
    - LetsEncrypt (v3.3.0), PhpSwitcher (v 5.0.5), RoundcubePlugins (v 2.0.2)YubiKeyAuth 1.1.0

    @Speddy


    Right now, you need a YubiKey but in next version, there will be support for Google Authenticator added too, and backup codes (as it is done for Google account).
    Next release planned in 1 Week ;)

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    this authenticator addon only works with the so-called Yubikey through their online service. I guess that maybe there will be an addon that allows for plain TOTP too so you can use any smartphone or other device which can run an application that can generate these codes to be used as a second factor


    @Nuxwin wouldnt it make more sense to use the backup codes more globally especially if more 2FA addons are coming? or will they all be a part of this?

    asperger inside(tm)

    Ok then I know I know I know security costs money but I like to give out when I know it will make people heavy.

    my System :

    - Distribution: Debian | Release: 9.13 | Codename: wheezy
    - i-MSCP Version: i-MSCP 1.5.3| Build: 20181208 | Codename: Ennio Morricone
    - Plugins installed: ClamAV (v. 1.3.0), Mailgraph (v 1.1.1), OpenDKIM (v 2.0.0), SpamAssassin (v 2.0.1)
    - LetsEncrypt (v3.3.0), PhpSwitcher (v 5.0.5), RoundcubePlugins (v 2.0.2)YubiKeyAuth 1.1.0

    Quote from My1

    this authenticator addon only works with the so-called Yubikey through their online service. I guess that maybe there will be an addon that allows for plain TOTP too so you can use any smartphone or other device which can run an application that can generate these codes to be used as a second factor


    Next version will include:

    • Authentication with a Yubico OTPs, using YubiKey USB token
    • Authentication with a TOTPs, using Google Authenticator (or any compatible app) on mobile phone
    • Authentication with U2F devices such as a YubiKey. U2F is only supported by few browsers
    • Authentication using one of backup codes provided by i-MSCP (that is, a one-time usable code)
    • Authentication by contacting the reseller (case of customers), or the administrator (case of administrators, outside of the master administrator)


    Note that according these changes, plugin will be surely renamed to 2StepAuthentication


    Quote from Speddy

    Ok then I know I know I know security costs money but I like to give out when I know it will make people heavy.

    Can you rephrase? I don't understand...

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support