Hi guys,
Are you thinking about adding 2FA for a better protection (I hope) of client’s licences in a near future?
Thanks,
Ernst
We’ll take it under advisement, though I’d say ATM it’d be a bit further down the priority list given other pressing matters.
Thanks for the suggestion.
There is 2FA support already available in Webmin, Virtualmin, and even Usermin.
I would suggest starting from looking at enabling it globally at Webmin / Webmin ⇾ Webmin Configuration: Two-Factor Authentication page.
Later, virtual server owners and mail users would be able to enroll for 2FA by themselves.
Webmin users can enable it at Webmin / Webmin ⇾ Webmin Users: Edit Webmin User page, under Security and limits options accordion, by clicking Enable Two-Factor For User button.
Sorry, Peter. You’re right. I missed that.
The best way to protect your Virtualmin account is to use strong password. Although, I will look into adding 2FA in the foreseeable future.
1 Like
I agree: Strong individual passwords are still best. Aside from being an annoyance when one has to log into dozens of sites a day, poorly-implemented 2FA (which predominates, unfortunately) actually increases vulnerability.
The one 2FA method that I think should be absolutely outlawed (which is saying something coming from a libertarian) is SMS. It’s trivially easy to persuade some low-paid call center employee who just wants you off their phone to swap a SIM. I’ve closed accounts at banks and companies that insisted upon using it.
Richard
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.