Two factor authentication

Orwell84_ · May 18, 2015, 2:11pm

Hey Josh and others,

Are there any plans for two factor authentication login in the near by future?

JoshData · May 18, 2015, 4:12pm

I started work on a branch (see github), but I don’t have any plans to wrap it up any time soon.

mlk · August 31, 2015, 12:55am

Oh cool, I like how you’ve started to implement 2-factor in both the admin interface and configuring Dovecot to auth against the API so that IMAP or whatever can support 2-factor too.

I wonder, are there any examples out there of a non-proprietary mail solution that supports 2-factor? Nowadays 2-factor is a no-brainer for an account as critical to security as your email account, but all the established open source mail software pre-dates that idea by many, many years.

K87RRR6r6 · October 8, 2015, 6:51pm

I’m definitely for a 2 factor option as well & the codes work great based on google’s open source implementation.

K87RRR6r6 · May 24, 2016, 2:25pm

Just thought I’d revisit this and inquire about this roundcube plugin that seems to be frequently downloaded, updated and on github for someone with knowledge to inspect & possibly incorporate.

https://plugins.roundcube.net/packages/alexandregz/twofactor_gauthenticator

Thanks again, @JoshData. My MailInABox is going strong and can’t see myself without it - your work here and the work you do as mentioned by John Oliver is appreciated.

JoshData · May 24, 2016, 2:40pm

@K87RRR6r6 Thanks. There’s no point to having 2FA enabled only for some services on the box and not others (SMTP, IMAP, the admin panel, and several others), so I don’t think a Roundcube plugin would add any security.

K87RRR6r6 · May 24, 2016, 2:43pm

Ah! Great point. Sorry I didn’t think through that.