You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 27, 2023. It is now read-only.
MFA is great and definitely on my to-do list. However, attackers could use other channels like ActiveSync for emails and WebDAV for files. These are not secured by 2nd factor but exposed to the internet as well. I like what yahoo had done some time ago: Here you can/must setup additional credentials for each device (respectively each login other than by the web ui; like IMAP). Possibly the admin could enforce the use of the non-standard usernames/passwords. A least the user itself can choose where to use additional passwords if appropriate (like for each client software, or for each device, or use an additional password for all DAV-accesses, and so on). Of course, such user-password-combinations must be syncable to ldap.
The text was updated successfully, but these errors were encountered:
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
MFA is great and definitely on my to-do list. However, attackers could use other channels like ActiveSync for emails and WebDAV for files. These are not secured by 2nd factor but exposed to the internet as well. I like what yahoo had done some time ago: Here you can/must setup additional credentials for each device (respectively each login other than by the web ui; like IMAP). Possibly the admin could enforce the use of the non-standard usernames/passwords. A least the user itself can choose where to use additional passwords if appropriate (like for each client software, or for each device, or use an additional password for all DAV-accesses, and so on). Of course, such user-password-combinations must be syncable to ldap.
The text was updated successfully, but these errors were encountered: