Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Feature Requests
  3. 2FA for all LDAP apps

2FA for all LDAP apps

Scheduled Pinned Locked Moved Solved Feature Requests
2fa
47 Posts 12 Posters 11.2k Views 11 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • mehdiM mehdi

    Honestly, I do not like this idea.

    It would be great to have it in an external script or something. But integrated into the Cloudron platform ? ... It seems too much of a hack, in my opinion.

    fbartelsF Offline
    fbartelsF Offline
    fbartels
    App Dev
    wrote on last edited by fbartels
    #18

    I agree with @mehdi. That workflow also comes with the downside that while the actual owner of the account does not know his/her own password, you (as the admin) actually now it yourself.

    Rather enforce secure passwords and rotate them regularly (in addition to encouraging users to use password managers).

    mehdiM 1 Reply Last reply
    0
    • fbartelsF fbartels

      I agree with @mehdi. That workflow also comes with the downside that while the actual owner of the account does not know his/her own password, you (as the admin) actually now it yourself.

      Rather enforce secure passwords and rotate them regularly (in addition to encouraging users to use password managers).

      mehdiM Offline
      mehdiM Offline
      mehdi
      App Dev
      wrote on last edited by
      #19

      @fbartels said in 2FA for all LDAP apps:

      and rotate them regularly

      (Forcing password rotation when there has been no indication of compromise has actually been proven experimentally to lower security, rather than enhance it : if encourages users to chose simpler passwords, because they're gonna have to remember more passwords)

      girishG 1 Reply Last reply
      5
      • mehdiM mehdi

        @fbartels said in 2FA for all LDAP apps:

        and rotate them regularly

        (Forcing password rotation when there has been no indication of compromise has actually been proven experimentally to lower security, rather than enhance it : if encourages users to chose simpler passwords, because they're gonna have to remember more passwords)

        girishG Offline
        girishG Offline
        girish
        Staff
        wrote on last edited by
        #20

        @mehdi said in 2FA for all LDAP apps:

        Forcing password rotation when there has been no indication of compromise has actually been proven experimentally to lower security

        This seems to be one of those counter-intuitive ideas. I had no idea it actually lowers security.

        LonkleL 1 Reply Last reply
        3
        • girishG girish

          @mehdi said in 2FA for all LDAP apps:

          Forcing password rotation when there has been no indication of compromise has actually been proven experimentally to lower security

          This seems to be one of those counter-intuitive ideas. I had no idea it actually lowers security.

          LonkleL Offline
          LonkleL Offline
          Lonkle
          wrote on last edited by
          #21

          I never realized it, but on sites that make me change the password periodically, I totally do keep making them simpler because it's confusing even with password managers cause they mess up saving passwords a lot on password reset pages.

          marcusquinnM 1 Reply Last reply
          0
          • LonkleL Lonkle

            I never realized it, but on sites that make me change the password periodically, I totally do keep making them simpler because it's confusing even with password managers cause they mess up saving passwords a lot on password reset pages.

            marcusquinnM Offline
            marcusquinnM Offline
            marcusquinn
            wrote on last edited by marcusquinn
            #22

            @Lonk yeah, I hate those forced password changing policies, they are a security risk in themselves as they just increase the likelihood of a keystroke logger being able to capture.

            I wrote more on the subject of password security for our team policy here:

            https://brandlight.org/h/policies/password-security-policy/

            And my thoughts on Security here:

            https://www.marcusquinn.com/security/

            Hopefully something of interest there to those with similar responsibilities for data security.

            Web Design https://www.evergreen.je
            Development https://brandlight.org
            Life https://marcusquinn.com

            LonkleL 1 Reply Last reply
            1
            • marcusquinnM marcusquinn

              @Lonk yeah, I hate those forced password changing policies, they are a security risk in themselves as they just increase the likelihood of a keystroke logger being able to capture.

              I wrote more on the subject of password security for our team policy here:

              https://brandlight.org/h/policies/password-security-policy/

              And my thoughts on Security here:

              https://www.marcusquinn.com/security/

              Hopefully something of interest there to those with similar responsibilities for data security.

              LonkleL Offline
              LonkleL Offline
              Lonkle
              wrote on last edited by
              #23

              @marcusquinn Security has become my newest point of interest in the programming world - amazing how ridiculously insecure things were even 15 years ago.

              marcusquinnM mehdiM 2 Replies Last reply
              2
              • LonkleL Lonkle

                @marcusquinn Security has become my newest point of interest in the programming world - amazing how ridiculously insecure things were even 15 years ago.

                marcusquinnM Offline
                marcusquinnM Offline
                marcusquinn
                wrote on last edited by marcusquinn
                #24

                @Lonk agreed, and misinformation and information-overload cause a lot of vulnerabilities for people that don't know what we do, and even we find difficult to truly solve. Steps in the right direction though.

                Web Design https://www.evergreen.je
                Development https://brandlight.org
                Life https://marcusquinn.com

                1 Reply Last reply
                1
                • marcusquinnM Offline
                  marcusquinnM Offline
                  marcusquinn
                  wrote on last edited by
                  #25

                  What most people don't realise is that all the add-ons, extensions and social-logins would once have been considered trojans for the snooping capabilities they have.

                  I mentioned "coffee machine" on a phone call to a friend, hadn't typed it in anywhere or searched anything. Next time I look at Twitter the first ad is for a Nespresso machine.

                  So, it doesn't matter how good my security is, we all rely on the security of everyone we are connected to.

                  Web Design https://www.evergreen.je
                  Development https://brandlight.org
                  Life https://marcusquinn.com

                  jdaviescoatesJ mehdiM 2 Replies Last reply
                  0
                  • marcusquinnM marcusquinn

                    What most people don't realise is that all the add-ons, extensions and social-logins would once have been considered trojans for the snooping capabilities they have.

                    I mentioned "coffee machine" on a phone call to a friend, hadn't typed it in anywhere or searched anything. Next time I look at Twitter the first ad is for a Nespresso machine.

                    So, it doesn't matter how good my security is, we all rely on the security of everyone we are connected to.

                    jdaviescoatesJ Offline
                    jdaviescoatesJ Offline
                    jdaviescoates
                    wrote on last edited by
                    #26

                    @marcusquinn said in 2FA for all LDAP apps:

                    Next time I look at Twitter the first ad is for a Nespresso machine.

                    I only ever look at Twitter through Firefox with ublock origin installed, so don't see ads on there.

                    The UX is a bit shit in the mobile browser (especially since recent Firefox update, ironically), but that helps me to use it less on my mobile! 😛

                    I use Cloudron with Gandi & Hetzner

                    marcusquinnM 1 Reply Last reply
                    1
                    • jdaviescoatesJ jdaviescoates

                      @marcusquinn said in 2FA for all LDAP apps:

                      Next time I look at Twitter the first ad is for a Nespresso machine.

                      I only ever look at Twitter through Firefox with ublock origin installed, so don't see ads on there.

                      The UX is a bit shit in the mobile browser (especially since recent Firefox update, ironically), but that helps me to use it less on my mobile! 😛

                      marcusquinnM Offline
                      marcusquinnM Offline
                      marcusquinn
                      wrote on last edited by
                      #27

                      @jdaviescoates Interesting, I deleted the Facebook app a long time ago. Makes me think I should do the same for other social spyware too. Will give it a try.

                      Web Design https://www.evergreen.je
                      Development https://brandlight.org
                      Life https://marcusquinn.com

                      jdaviescoatesJ 3 Replies Last reply
                      1
                      • marcusquinnM marcusquinn

                        @jdaviescoates Interesting, I deleted the Facebook app a long time ago. Makes me think I should do the same for other social spyware too. Will give it a try.

                        jdaviescoatesJ Offline
                        jdaviescoatesJ Offline
                        jdaviescoates
                        wrote on last edited by
                        #28

                        @marcusquinn see also Nitter and similar apps for accessing other platforms.

                        I use Cloudron with Gandi & Hetzner

                        marcusquinnM 1 Reply Last reply
                        1
                        • marcusquinnM marcusquinn

                          @jdaviescoates Interesting, I deleted the Facebook app a long time ago. Makes me think I should do the same for other social spyware too. Will give it a try.

                          jdaviescoatesJ Offline
                          jdaviescoatesJ Offline
                          jdaviescoates
                          wrote on last edited by
                          #29

                          @marcusquinn said in 2FA for all LDAP apps:

                          I deleted the Facebook app a long time ago

                          I never even installed it as it asked for such a ridiculous number of permissions.

                          I use Cloudron with Gandi & Hetzner

                          1 Reply Last reply
                          0
                          • jdaviescoatesJ jdaviescoates

                            @marcusquinn see also Nitter and similar apps for accessing other platforms.

                            marcusquinnM Offline
                            marcusquinnM Offline
                            marcusquinn
                            wrote on last edited by
                            #30

                            @jdaviescoates Nice. will try. Been looking at https://jarvee.com/ - maybe of interest in a similar API access approach but more for data-mining and marketing.

                            Web Design https://www.evergreen.je
                            Development https://brandlight.org
                            Life https://marcusquinn.com

                            1 Reply Last reply
                            0
                            • LonkleL Lonkle

                              @marcusquinn Security has become my newest point of interest in the programming world - amazing how ridiculously insecure things were even 15 years ago.

                              mehdiM Offline
                              mehdiM Offline
                              mehdi
                              App Dev
                              wrote on last edited by
                              #31

                              @Lonk said in 2FA for all LDAP apps:

                              amazing how ridiculously insecure things were even 15 years ago.

                              I think people are going to think the same 15 years from now ^^

                              1 Reply Last reply
                              1
                              • marcusquinnM marcusquinn

                                What most people don't realise is that all the add-ons, extensions and social-logins would once have been considered trojans for the snooping capabilities they have.

                                I mentioned "coffee machine" on a phone call to a friend, hadn't typed it in anywhere or searched anything. Next time I look at Twitter the first ad is for a Nespresso machine.

                                So, it doesn't matter how good my security is, we all rely on the security of everyone we are connected to.

                                mehdiM Offline
                                mehdiM Offline
                                mehdi
                                App Dev
                                wrote on last edited by
                                #32

                                @marcusquinn said in 2FA for all LDAP apps:

                                I mentioned "coffee machine" on a phone call to a friend, hadn't typed it in anywhere or searched anything. Next time I look at Twitter the first ad is for a Nespresso machine.

                                I think it's just a coincidence ^^ There is no reason to think ad companies are literally listening to you 24/7 : it's too costly from a computing power standpoint, so not worth it.

                                What they're doing is "just" knowing everything else about you : who you're talking to, what your looking at online, what are your interests, your age, where you live ... And based on that, they can just guess that you may be interested in coffee machines.

                                (Which, if you ask me, is even scarier that being listened to ^^)

                                marcusquinnM 1 Reply Last reply
                                1
                                • mehdiM mehdi

                                  @marcusquinn said in 2FA for all LDAP apps:

                                  I mentioned "coffee machine" on a phone call to a friend, hadn't typed it in anywhere or searched anything. Next time I look at Twitter the first ad is for a Nespresso machine.

                                  I think it's just a coincidence ^^ There is no reason to think ad companies are literally listening to you 24/7 : it's too costly from a computing power standpoint, so not worth it.

                                  What they're doing is "just" knowing everything else about you : who you're talking to, what your looking at online, what are your interests, your age, where you live ... And based on that, they can just guess that you may be interested in coffee machines.

                                  (Which, if you ask me, is even scarier that being listened to ^^)

                                  marcusquinnM Offline
                                  marcusquinnM Offline
                                  marcusquinn
                                  wrote on last edited by
                                  #33

                                  @mehdi I think more likely the person I was talking to had been searching for coffee machine related recently.

                                  I hear a lot of the claims that you'd be able to see the bandwidth if audio was going to central servers but with the computing power in phones I'm pretty sure they can do the local transcription and just send the data encoded for minimal footprint.

                                  It mostly appears to be contact cross-referencing interests but given that any big ad network could acquire data by proxy from a chain of apps to keep their distance from the actual spyware themselves, I'm just increasingly aware of coincidences.

                                  Web Design https://www.evergreen.je
                                  Development https://brandlight.org
                                  Life https://marcusquinn.com

                                  fbartelsF 1 Reply Last reply
                                  0
                                  • marcusquinnM marcusquinn

                                    @mehdi I think more likely the person I was talking to had been searching for coffee machine related recently.

                                    I hear a lot of the claims that you'd be able to see the bandwidth if audio was going to central servers but with the computing power in phones I'm pretty sure they can do the local transcription and just send the data encoded for minimal footprint.

                                    It mostly appears to be contact cross-referencing interests but given that any big ad network could acquire data by proxy from a chain of apps to keep their distance from the actual spyware themselves, I'm just increasingly aware of coincidences.

                                    fbartelsF Offline
                                    fbartelsF Offline
                                    fbartels
                                    App Dev
                                    wrote on last edited by
                                    #34

                                    @marcusquinn said in 2FA for all LDAP apps:

                                    I hear a lot of the claims that you'd be able to see the bandwidth if audio was going to central servers

                                    You need a ridiculously low amount of bandwidth to transmit proper audio: https://www.wowza.com/blog/opus-codec-the-audio-format-explained

                                    But the discussion has already went off topic enough.

                                    Let's just hope applications will be faster I'm adopting webauthn, than they are at implementing oidc.

                                    1 Reply Last reply
                                    3
                                    • marcusquinnM marcusquinn

                                      @jdaviescoates Interesting, I deleted the Facebook app a long time ago. Makes me think I should do the same for other social spyware too. Will give it a try.

                                      jdaviescoatesJ Offline
                                      jdaviescoatesJ Offline
                                      jdaviescoates
                                      wrote on last edited by
                                      #35

                                      @marcusquinn said in 2FA for all LDAP apps:

                                      @jdaviescoates Interesting, I deleted the Facebook app a long time ago. Makes me think I should do the same for other social spyware too. Will give it a try.

                                      One thing I've started doing is using the browser "install app/ add to homepage" whatever they call it feature for various things like Twitter/ Mastodon/ this and other Forums I use so they kinda sorta work like apps but really I'm just using the browser (but I stay logged in and don't have to install the actual app)

                                      I use Cloudron with Gandi & Hetzner

                                      marcusquinnM 1 Reply Last reply
                                      0
                                      • jdaviescoatesJ jdaviescoates

                                        @marcusquinn said in 2FA for all LDAP apps:

                                        @jdaviescoates Interesting, I deleted the Facebook app a long time ago. Makes me think I should do the same for other social spyware too. Will give it a try.

                                        One thing I've started doing is using the browser "install app/ add to homepage" whatever they call it feature for various things like Twitter/ Mastodon/ this and other Forums I use so they kinda sorta work like apps but really I'm just using the browser (but I stay logged in and don't have to install the actual app)

                                        marcusquinnM Offline
                                        marcusquinnM Offline
                                        marcusquinn
                                        wrote on last edited by
                                        #36

                                        @jdaviescoates Ditto! If you install Firefox Focus, that adds a bit more privacy capability to all other browsers too. (iOS at least)

                                        Web Design https://www.evergreen.je
                                        Development https://brandlight.org
                                        Life https://marcusquinn.com

                                        jdaviescoatesJ 1 Reply Last reply
                                        1
                                        • marcusquinnM marcusquinn

                                          @jdaviescoates Ditto! If you install Firefox Focus, that adds a bit more privacy capability to all other browsers too. (iOS at least)

                                          jdaviescoatesJ Offline
                                          jdaviescoatesJ Offline
                                          jdaviescoates
                                          wrote on last edited by jdaviescoates
                                          #37

                                          @marcusquinn nice, I might give that a spin. I've actually got uBlock Origin and Privacy Badger addons installed on my Firefox Android... but now I'm wondering if they get used/ included in app instances... hope/ guess so!

                                          I've recently tried out Bromite (a privacy focused fork of Chromium) after someone mentioned when I tweeted about an annoyance with using Mastodon using Firefox on Andriod (with long toots it's impossible to reply because you can't get down to the Toot button)... I quite like it but even though it's using uBlock and other filters it doesn't seem to actually block as much as Firefox + uBlock (possible because Bromite doesn't support CSS filter, I think).

                                          Have you looked into good open source source Chromium forks before? Ideally ones that block ads. I find Twitter works better in Chromium based browsers on Android than on Firefox, but I can't stand seeing ads and I don't see them on Firefox with uBlock...

                                          I use Cloudron with Gandi & Hetzner

                                          marcusquinnM 1 Reply Last reply
                                          1
                                          Reply
                                          • Reply as topic
                                          Log in to reply
                                          • Oldest to Newest
                                          • Newest to Oldest
                                          • Most Votes


                                          • Login

                                          • Don't have an account? Register

                                          • Login or register to search.
                                          • First post
                                            Last post
                                          0
                                          • Categories
                                          • Recent
                                          • Tags
                                          • Popular
                                          • Bookmarks
                                          • Search