Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org

Feature Request: U2F with TOTP Backup #4992

Open exabrial opened 6 years ago

exabrial commented 6 years ago

Hey guys,

I was hoping to request U2F support and policy enforcement. I'll even donate a U2F key to the developers if they work on this feature, or the developers can use SoftU2F if they're on a Mac.

Essentially, graylog2 should support enforcing mandatory U2F on users. U2F makes phishing of a user's credentials impossible. The options of when to demand U2F authentication should be "every login" or "once per computer".

As a backup, a TOTP code should be allowed (aka Google Auth) that allows the user to go in and change their U2F token (but not access the actual application).

Browsers will offer U2F support if the window.u2f object exists. Safari (via an extension), Chrome, Opera, and Firefox will expose the object if the connection is over TLS.

Thank you, -Jonathan
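
The fallback described in the request above, sketched as an added example that is not part of the original thread or Graylog's code: an RFC 6238 TOTP check whose success yields only a session limited to re-enrolling a U2F key. The scope names, action strings and the password-as-first-factor step are assumptions made for this sketch.

```python
import hashlib
import hmac
import struct

# Hypothetical scope and action names for this sketch; Graylog defines none of them.
SCOPE_FULL = "full"
SCOPE_REENROLL_ONLY = "reenroll-u2f-only"
REENROLL_ACTIONS = {"u2f.register", "u2f.remove"}


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, the mode Google Authenticator uses."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret, submitted, unix_time, window=1, step=30, digits=6):
    """Accept the current time step plus/minus `window` steps of clock drift."""
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t < 0:
            continue
        if hmac.compare_digest(totp(secret, t, step, digits), submitted):
            return True
    return False


def session_scope(password_ok, u2f_ok, totp_ok):
    """Map verified factors to a session scope; None means no session at all."""
    if not password_ok:
        return None
    if u2f_ok:
        return SCOPE_FULL
    return SCOPE_REENROLL_ONLY if totp_ok else None


def is_allowed(scope, action):
    """A TOTP-only session may manage U2F keys and nothing else."""
    if scope == SCOPE_FULL:
        return True
    return scope == SCOPE_REENROLL_ONLY and action in REENROLL_ACTIONS
```

A production check would also record the last accepted time step per user so that a code cannot be replayed inside the drift window.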

ckristo commented 2 years ago

I would appreciate U2F support for Graylog as well (or any 2FA method) - seems currently none is supported