well alone for backup porposes you should be able to use more than one (which is actually recomended for YubiOTP and U2F)
but there should be a limit for performance reasons, U2F for example has to send a challenge for each stick connected to that account
and for the yubikeys you also need to store and manage them, in my auth software that I am having in PHP I set 5 yubikeys and 5 U2F sticks as limit
also @Nuxwin what will happen if the yubi servers are not reachable?
well people dont like to care about those but as soon as they run into support it would be annoying also there arent just lazy but also users that frankly arent that clever, and sometimes you get a mixture of both.
and as you said in the early post a multi-step process will be very helpful (if not the absolute requirement) of offering multiple different 2FA solutions (especially U2F needs to know which account you want to connect to, so it can deliver the challenges)
while there are probably also people out there clever enough to search, there are people who may be too lazy to search or watever (I've seen a lot of stuff in the web) and then contacting support that they cant login coz they have no Idea what to enter, well with the target of imscp being web admins the probability of that is lower than on average but it's probably still there.
just my opinion.
there is no problem. I just think that from a user perspective that multi-step is a good Idea, because the users dont have to care.
while talking about 2FA, U2F would be great, while browser support is still limited (Chrome and opera natively, Firefox with addon) it's not only used on most yubikeys but also there are pretty cheap sticks which can go as low as 5€
also U2F doesnt rely on an external service making it even better.
Well, you're talking about a multi-steps authentication process
well aside from going into overkill with 2FA, a multi-step process auth means not confusing users who dont know about the 2fa stuff.
what do you mean with "raptors"?
my idea would be that ppl cna buy the plugin as usual and as soon as a certain cap has been hit (aka the pot is full), the price tag vanishes.
this is pretty, well I dont know how to say it, not dure whether it's amazing or plain risky that the only thing that sustains your life is hoping that your imscp addons sell...
edit: before anyone assumes stuff and tries to put words in my mouth i didnt even say: I DO NOT MEAN THIS IN A BAD WAY!
honestly phpswitcher is the most useful one of the paid addons in my opinion, not speaking from a hoster perpective, but as a PHP dev. you dont see a server with quickly-switchable PHP everyday. This allows you to quickly debug your PHP software among multiple versions which is REALLY intresting.
well that the primary target for that are businesses is something that I already thought.
the problem especially when creating a SAN cert with multiple different webroots gets REALLY annoying over the commandline (I have tried on my PC and I am getting problems all over the place) and 90 day cert lifetime doesnt make it better.
if their verification could at least propagate down to subdomains it would be a LOT more painless, but no it isnt.
for now I use startssl because it's in many ways different and possibly better than LE, even though they are probably not automatable.
1. easier validation
2. Validation propagates to subdomains
3. longer Lifetimes
4. you dont need any obnoxious (and right now beta software) that potentially has access to your keys to create a cert.
5. easier workflow in general
-> verify wanted domains via email, upload blank CSR (almost everything is ignored), enter domains, get cert.
I dont say that LE is actually bad but in non-automated environments they are just a major pain in the back.
----------------------------------------------------------------------------------------------------------------------------
edit to add:
an intresting Idea would be a "pot" for each addon which is defined by the time/money you need/want to create that addon.
and when that pot is full make it free.
I dont know whether or not it's a good Idea but I think it's intresting
And our discussion with @MichaelSchinzel was done privately
I know that much, but wanted to know whether there was any result that's why I asked.
and at the end, no agreement was found for making the plugin free.
I obviously didnt know that until now and it is at least nice to know.
as I said: I dont question your right to gain money, just asking about potential opportunities.
by the way I am "just" a "user" of i-mscp (we just use i-mscp privately to manage the server stuff better, we are no business or whatever) and by the way the server admin already bought PHPSwitcher, maybe even more, I dunno.
also instead of saying "I donate 1€ so make it free" he asked what amount would be needed to make it free, a completely different approach to this.
I have nothing against it being a paid plugin but I just wanted to ask what happens with his idea of a sponsorship so it becomes free, which is VERY generous in my opinion.
by the way I DO pay for good software/service when I need it and I like it, I had spotify premium long enough, and I also have a WBB forum which we have on said server and most of the games I have are paid ones (no matter whether steam, console or Humble bundle)
