Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

2FA for RC?

Scheduled Pinned Locked Moved Roundcube
12 Posts 3 Posters 335 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • humptydumptyH Offline
    humptydumptyH Offline
    humptydumpty
    wrote on last edited by
    #1

    Anyone using 2FA TOTP with RC? The plugins I've found are couple of years old.

    marcusquinnM necrevistonnezrN 2 Replies Last reply
    0
  • marcusquinnM Offline
    marcusquinnM Offline
    marcusquinn
    replied to humptydumpty on last edited by
    #2

    @humptydumpty I'd just make a very long password and trust in fail2ban 🙂

    We're not here for a long time - but we are here for a good time :)
    Jersey/UK
    Work & Ecommerce Advice: https://brandlight.org
    Personal & Software Tips: https://marcusquinn.com

    humptydumptyH 1 Reply Last reply
    0
  • humptydumptyH Offline
    humptydumptyH Offline
    humptydumpty
    replied to marcusquinn on last edited by
    #3

    @marcusquinn I didn't do/config anything with fail2ban. Is it good enough using the default settings? My pass is over 50 characters long with a mix of symbols. 🙄 It's still nice to have 2FA though.

    marcusquinnM 1 Reply Last reply
    0
  • marcusquinnM Offline
    marcusquinnM Offline
    marcusquinn
    replied to humptydumpty on last edited by marcusquinn
    #4

    @humptydumpty yeah, Cloudron already thought of that all for us 🙂

    I know what you're saying, and I like 2FA because it mostly protects people that reuse passwords, but it's really no more secure than good long password if you use unique passwords and a solid password manager.

    We're not here for a long time - but we are here for a good time :)
    Jersey/UK
    Work & Ecommerce Advice: https://brandlight.org
    Personal & Software Tips: https://marcusquinn.com

    humptydumptyH 1 Reply Last reply
    1
  • humptydumptyH Offline
    humptydumptyH Offline
    humptydumpty
    replied to marcusquinn on last edited by
    #5

    @marcusquinn In that case, between Cloudron and Bitwarden's pass generator, we're all set.

    marcusquinnM 1 Reply Last reply
    2
  • marcusquinnM Offline
    marcusquinnM Offline
    marcusquinn
    replied to humptydumpty on last edited by
    #6

    @humptydumpty yuuuup!!

    We're not here for a long time - but we are here for a good time :)
    Jersey/UK
    Work & Ecommerce Advice: https://brandlight.org
    Personal & Software Tips: https://marcusquinn.com

    1 Reply Last reply
    0
  • marcusquinnM Offline
    marcusquinnM Offline
    marcusquinn
    wrote on last edited by
    #7

    I haven't checked Roundcube - but best advice is for force a minimum 12-char password on any app that has that ability for user's security. It's difficult to enforce uniqueness but easier to encourage it if people are using Bitwarden or similar since it's so easy.

    We're not here for a long time - but we are here for a good time :)
    Jersey/UK
    Work & Ecommerce Advice: https://brandlight.org
    Personal & Software Tips: https://marcusquinn.com

    1 Reply Last reply
    0
  • marcusquinnM Offline
    marcusquinnM Offline
    marcusquinn
    wrote on last edited by
    #8

    More password geeking here: https://brandlight.org/h/policies/password-security-policy/

    We're not here for a long time - but we are here for a good time :)
    Jersey/UK
    Work & Ecommerce Advice: https://brandlight.org
    Personal & Software Tips: https://marcusquinn.com

    humptydumptyH 1 Reply Last reply
    1
  • humptydumptyH Offline
    humptydumptyH Offline
    humptydumpty
    replied to marcusquinn on last edited by
    #9

    @marcusquinn Nice article. I'd like to share this security tip I picked up about Authy. Make sure to disable Multi-device after setting it up. IIRC, it's disabled by default but some people might leave it on after setting up multiple devices.

    marcusquinnM 1 Reply Last reply
    0
  • marcusquinnM Offline
    marcusquinnM Offline
    marcusquinn
    replied to humptydumpty on last edited by
    #10

    @humptydumpty Yeah, I only use Authy if there's no TOTP code available to save into Enpass/Bitwarden. I do have multi-device but pretty well locked-down through various layers on each.

    We're not here for a long time - but we are here for a good time :)
    Jersey/UK
    Work & Ecommerce Advice: https://brandlight.org
    Personal & Software Tips: https://marcusquinn.com

    1 Reply Last reply
    1
  • necrevistonnezrN Offline
    necrevistonnezrN Offline
    necrevistonnezr
    replied to humptydumpty on last edited by
    #11

    @humptydumpty said in 2FA for RC?:

    Anyone using 2FA TOTP with RC? The plugins I've found are couple of years old.

    This plugin was updated as recently as 4 months ago and works just fine: https://github.com/alexandregz/twofactor_gauthenticator

    humptydumptyH 1 Reply Last reply
    3
  • humptydumptyH Offline
    humptydumptyH Offline
    humptydumpty
    replied to necrevistonnezr on last edited by
    #12

    @necrevistonnezr It's working great. Thank you!

    I know I'm going to need this when it's time to update the plugin. Make sure to remove the -master from the folder name so it's just "twofactor_gauthenticator" and use the code mentioned in the Cloudron doc page, and not the one on the plugin's github page.

    array_push($config['plugins'], 'twofactor_gauthenticator');
    
    1 Reply Last reply
    2

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.