Been playing with two factor auth :)

Status
Not open for further replies.
It will be shared, it's a little too raw right now, I was working on it today. One thing I want is to be able to generate a QR code in the console for the initial installation.
 
Thanks! I'll keep an eye out for it. Given the number of people trying the doorknobs of our box every day, this would be a fantastic and much welcome addition.
 
I have for example got the QR displaying in the user settings but useless when you cannot get into the gui anyway. I think I'm going to have to get it to generate and send an email when the user is created.
 
Hmm...around our site, for things that require QR codes to enroll, we drag the QR out of the browser and slack, sms/mms or email it to the user. (just my $0.02, and probably worth about as much).
 
I think I will probably just get it to create an email and send new user details on creation, also maybe leave it so superadmin can create his QR code in the GUI, he then must enable 2FA with a variable in the GUI or something. I also need a way to easily disable it from the CLI for when users inevitably lock themselves out :D
 
One question, did you design it to apply to "all users" or on a user-by-user basis? Would be interesting to, for example, apply it to admins/superadmin-types but allow those who can do less damage continue to live dangerously...
(not intending to make a feature request here, just wondering how it's implemented)
 
No, I see little point in making it selective, the idea is to protect the PBX. Some of the previous security issues have needed gui access. I want this to be able to be applied to potentially older systems that cannot be upgraded because of heavy modification etc. In fact that is my primary need. I have older systems out there that I do not want to upgrade. Combined with the whitelist/blacklist thing I am working on that makes the sip server invisible to the net, I'm in with a fighting chance.
 
> No, I see little point in making it selective, the idea is to protect the PBX. Some of the previous security issues have needed gui access. I want this to be able to be applied to potentially older systems that cannot be upgraded because of heavy modification etc. In fact that is my primary need. I have older systems out there that I do not want to upgrade. Combined with the whitelist/blacklist thing I am working on that makes the sip server invisible to the net, I'm in with a fighting chance.

One thing to think about though is a failback if 2FA isn't working... such as a really long recovery code... What if the only admin person's phone died and he gets a new one and his 2FA is lost? Ooops. Believe me, I've been there.
 
Looking forward to being able to use this feature in the future. Would we have the option ’remember the browser’ so that 2FA logins are not necessary unless it’s a new web browser?
 
> One thing to think about though is a failback if 2FA isn't working... such as a really long recovery code... What if the only admin person's phone died and he gets a new one and his 2FA is lost? Ooops. Believe me, I've been there.

I just finished going through this. Dropped my phone in a lake and getting all my 2FA authenticators going again on a new phone was a major pain.

P.S. Really I'm looking forward to this feature. I've always been nervous having the gui exposed to the public network.
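
The enrolment QR and the recovery-code fallback discussed in this thread, as an added Python example (not code from the thread or from FusionPBX). It uses standard TOTP (RFC 6238), the scheme Google Authenticator-style apps implement; the issuer name `ExamplePBX` and all function names are assumptions.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote, urlencode

ISSUER = "ExamplePBX"  # assumed display name, not from the thread

def new_secret():
    """160-bit random shared secret, Base32-encoded as authenticator apps expect."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def provisioning_uri(secret, user, issuer=ISSUER):
    """Key URI that the enrolment QR code encodes (can also be sent as text)."""
    query = urlencode({"secret": secret, "issuer": issuer})
    return f"otpauth://totp/{quote(issuer + ':' + user)}?{query}"

def totp(secret, at=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(base64.b32decode(secret), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret, code, at=None, window=1):
    """Accept the current step plus `window` steps either side for clock drift."""
    now = time.time() if at is None else at
    return any(hmac.compare_digest(totp(secret, now + i * 30).encode(), code.encode())
               for i in range(-window, window + 1))

def new_recovery_codes(n=8):
    """Return (codes shown to the user once, SHA-256 hashes for the server to store)."""
    codes = [secrets.token_hex(10) for _ in range(n)]  # 80 bits of entropy each
    return codes, {hashlib.sha256(c.encode()).hexdigest() for c in codes}

def redeem_recovery_code(stored_hashes, code):
    """Single use: a matching hash is removed so the code cannot be replayed."""
    digest = hashlib.sha256(code.strip().lower().encode()).hexdigest()
    if digest in stored_hashes:
        stored_hashes.discard(digest)
        return True
    return False
```

The URI returned by `provisioning_uri` contains the shared secret, so any channel that carries it or its QR image should be treated as carrying a credential.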
 
Just wanted to check in here.. How's this coming along? Would really love the ability to implement 2FA on our systems!
 
Basically, the lead developer won't touch google auth, it died there. I'm not reinventing a perfectly good racing wheel that many of us use already anyway.
 
Sounds about right. The main downfall of FusionPBX has, and apparently always will be the closed-mindedness of Mark. There's so many things that people have created in the past that could and should be committed to FusionPBX but aren't, simply because Mark wants to take credit for everything. Or he thinks he can build a better solution, but doesn't, and then tells everyone he never has enough time to do these things because he's too bombarded with support requests.

Essentially, his closed-mindedness and being stretched too thin resource wise is driving me away from investing my time any further in the product.

My opinion.
 