The title basically. I'm wondering if @ernest is planning on adding 2FA at some point (unless it's already implemented and I just couldn't find it?). I recognize stuff is pretty busy right now, but it would be nice to get some extra security for our accounts.
Also this my first "article" here. Glad to be joining after lurking on Reddit forever.
Since most 2FA providers cost additional money to run, can email 2FA's be added instead? It might be less secure than using a dedicated authenticator, but I think i could bear with it.
Huh? Why would 2FA providers cost money? I use pretty much the fanciest 2FA (hardware token) on my nextcloud instance, that's just as free as TOTP. The only 2FA I can think of that costs money would be SMS and that should only be used as a last resort.
If anything costs money to run it would be SMS 2FA or email 2FA (if you use a paid provider). But U2F/FIDO and TOTP are free, don't require external communication services, and is superior to email and SMS anyway so cost isn't really a reason not to implement them.
I also have FIDO and TOTP on my nextcloud and I prefer it over email because I didn't need to configure an email server and both just work out of the box (I use a custom domain for email so technically email 2FA would cost me money - although it's a sunk cost at this point).
It'll probably be a while before something like that would be implemented, especially since most 2FA providers cost additional money to run. Right now there isn't much incentive to steal people's accounts anyway.
Don't think it was on the short road map he posted. He's only one guy (hopefully some solid devs he can work with will come on board). I ended up just signing up with my Google and it gave me the option to change my username. Probably gonna give my a headache at some point though.
Add comment