Hey guys,
I was hoping to request U2F support and policy enforcement. I'll even donate a U2F key to the developers if they work on this feature, or the developers can use SoftU2F if they're on a Mac.
Essentially, graylog2 should support enforcing mandatory U2F on users. U2F makes phishing of a user's credentials impossible. The options of when to demand U2F authentication should be "every login" or "once per computer".
As a backup, a TOTP code should be allowed (aka Google Auth) that allows the user to go in and change their U2F token (but not access to the actual application).
Browsers will offer U2F support if the window.u2f object exists. Safari (via an extension), Chrome, Opera, and Firefox will expose the object if the connection is over TLS.
Thank you,
-Jonathan