bp2008 / ui3

A powerful, modern HTML5 web interface for Blue Iris.
GNU Lesser General Public License v3.0

Feature Request: 2FA #35

Closed triDcontrols closed 4 years ago

triDcontrols commented 4 years ago

Hi,

Can we get 2FA added to UI3?

Either a txt message via SMS or preferably via Authenticator App.

bp2008 commented 4 years ago

This is something that would have to be coordinated with the Blue Iris developer, and to be honest, I don't see it being a high priority for him.

You should be able to achieve this yourself and also get the benefit of TLS encryption if you set up a reverse proxy server. A quick web search brought me to this: https://seantodd.co.uk/blog/putting-2fa-on-everything/

triDcontrols commented 4 years ago

Hmm, I would think that would be a higher priority. Seems the seantodd link is down. I'll try again tomorrow.

Would this 2FA portion not be on the UI3? I can see BI as the backend software, but UI3 is the front end, and would be the only one that would need 2FA set up.

bp2008 commented 4 years ago

When you authenticate, you are proving your identity to Blue Iris, not to UI3. UI3 is purely a client application that runs in the web browser. None of UI3 runs on the BI server.

So all UI3 can do is pass along your credentials to Blue Iris. I do not have access to Blue Iris source code, where most of the development effort for 2FA would need to happen, therefore I can't do this without coordinating with the Blue Iris developer. Such coordination takes much time as neither of us works on each other's schedule. We could avoid most of that pain by having the BI dev implement 2FA in the iOS app first. But I still don't think it is a valuable way to spend time right now. Most Blue Iris users aren't even aware or bothered that their web server communications are unencrypted. They aren't concerned with 2FA and wouldn't use it even if it was available.

If better cybersecurity is what you seek, I recommend that you set up a VPN server such as OpenVPN and use that for all remote access. It will give you much more secure authentication and encrypted communications. Some routers such as Asus have OpenVPN built-in. Once you've set up a VPN server, disable UPnP in your router and delete all port forwarding rules not directly related to VPN operation. Then the only way into your network from the outside is through OpenVPN.