IceWhaleTech / CasaOS

CasaOS - A simple, easy-to-use, elegant open-source Personal Cloud system.
https://casaos.io
Apache License 2.0
23.74k stars 1.29k forks

FIDO2 key authentication #1885

Open udance4ever opened 3 weeks ago

udance4ever commented 3 weeks ago

Is your feature request related to a problem? Please describe.

It is common to use the default passwords for nearly every service (e.g. casaos), which makes for a very insecure system. It is encouraged to use the “tip” in the note to track username/passwords. Unfortunately, the password is not only stored in plain text, it is also exported in the YAML (in plain text) if the user requests it.

Describe the solution you'd like

FIDO2 key authentication and support for keys like a Yubikey 5 and 5C

Describe alternatives you've considered

Alternative is to generate strong passwords, but because the passwords are stored in clear text, it’s not any more secure and a simple copy & paste.

Additional context

This is an opportunity for CasaOS to leapfrog and showcase what secure access to our own personal, self-hosted data center looks like and do away with the password paradigm of the past!

CasaOS is out to promote hosting our own data and it needs to start with a level of security that is on par with a corporate data center. (or at least a stepping stone towards it!)

The value of our personal data completely aggregated in one place is very valuable to thieves and hackers so I believe it is important to engineer and bake in an advanced security model into CasaOS that is simple and straightforward to use from day one.

This feature request was recreated as #1218 was closed by the submitter.

littleblack111 commented 1 week ago

+1