Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    2FA for RC?

    Roundcube
    3
    12
    292
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • humptydumpty
      humptydumpty last edited by

      Anyone using 2FA TOTP with RC? The plugins I've found are couple of years old.

      marcusquinn necrevistonnezr 2 Replies Last reply Reply Quote 0
      • marcusquinn
        marcusquinn @humptydumpty last edited by

        @humptydumpty I'd just make a very long password and trust in fail2ban 🙂

        We're not here for a long time - but we are here for a good time :)
        Jersey/UK
        Work & Ecommerce Advice: https://brandlight.org
        Personal & Software Tips: https://marcusquinn.com

        humptydumpty 1 Reply Last reply Reply Quote 0
        • humptydumpty
          humptydumpty @marcusquinn last edited by

          @marcusquinn I didn't do/config anything with fail2ban. Is it good enough using the default settings? My pass is over 50 characters long with a mix of symbols. 🙄 It's still nice to have 2FA though.

          marcusquinn 1 Reply Last reply Reply Quote 0
          • marcusquinn
            marcusquinn @humptydumpty last edited by marcusquinn

            @humptydumpty yeah, Cloudron already thought of that all for us 🙂

            I know what you're saying, and I like 2FA because it mostly protects people that reuse passwords, but it's really no more secure than good long password if you use unique passwords and a solid password manager.

            We're not here for a long time - but we are here for a good time :)
            Jersey/UK
            Work & Ecommerce Advice: https://brandlight.org
            Personal & Software Tips: https://marcusquinn.com

            humptydumpty 1 Reply Last reply Reply Quote 1
            • humptydumpty
              humptydumpty @marcusquinn last edited by

              @marcusquinn In that case, between Cloudron and Bitwarden's pass generator, we're all set.

              marcusquinn 1 Reply Last reply Reply Quote 2
              • marcusquinn
                marcusquinn @humptydumpty last edited by

                @humptydumpty yuuuup!!

                We're not here for a long time - but we are here for a good time :)
                Jersey/UK
                Work & Ecommerce Advice: https://brandlight.org
                Personal & Software Tips: https://marcusquinn.com

                1 Reply Last reply Reply Quote 0
                • marcusquinn
                  marcusquinn last edited by

                  I haven't checked Roundcube - but best advice is for force a minimum 12-char password on any app that has that ability for user's security. It's difficult to enforce uniqueness but easier to encourage it if people are using Bitwarden or similar since it's so easy.

                  We're not here for a long time - but we are here for a good time :)
                  Jersey/UK
                  Work & Ecommerce Advice: https://brandlight.org
                  Personal & Software Tips: https://marcusquinn.com

                  1 Reply Last reply Reply Quote 0
                  • marcusquinn
                    marcusquinn last edited by

                    More password geeking here: https://brandlight.org/h/policies/password-security-policy/

                    We're not here for a long time - but we are here for a good time :)
                    Jersey/UK
                    Work & Ecommerce Advice: https://brandlight.org
                    Personal & Software Tips: https://marcusquinn.com

                    humptydumpty 1 Reply Last reply Reply Quote 1
                    • humptydumpty
                      humptydumpty @marcusquinn last edited by

                      @marcusquinn Nice article. I'd like to share this security tip I picked up about Authy. Make sure to disable Multi-device after setting it up. IIRC, it's disabled by default but some people might leave it on after setting up multiple devices.

                      marcusquinn 1 Reply Last reply Reply Quote 0
                      • marcusquinn
                        marcusquinn @humptydumpty last edited by

                        @humptydumpty Yeah, I only use Authy if there's no TOTP code available to save into Enpass/Bitwarden. I do have multi-device but pretty well locked-down through various layers on each.

                        We're not here for a long time - but we are here for a good time :)
                        Jersey/UK
                        Work & Ecommerce Advice: https://brandlight.org
                        Personal & Software Tips: https://marcusquinn.com

                        1 Reply Last reply Reply Quote 1
                        • necrevistonnezr
                          necrevistonnezr @humptydumpty last edited by

                          @humptydumpty said in 2FA for RC?:

                          Anyone using 2FA TOTP with RC? The plugins I've found are couple of years old.

                          This plugin was updated as recently as 4 months ago and works just fine: https://github.com/alexandregz/twofactor_gauthenticator

                          humptydumpty 1 Reply Last reply Reply Quote 3
                          • humptydumpty
                            humptydumpty @necrevistonnezr last edited by

                            @necrevistonnezr It's working great. Thank you!

                            I know I'm going to need this when it's time to update the plugin. Make sure to remove the -master from the folder name so it's just "twofactor_gauthenticator" and use the code mentioned in the Cloudron doc page, and not the one on the plugin's github page.

                            array_push($config['plugins'], 'twofactor_gauthenticator');
                            
                            1 Reply Last reply Reply Quote 2
                            • First post
                              Last post
                            Powered by NodeBB