caprover / caprover

Scalable PaaS (automated Docker+nginx) - aka Heroku on Steroids
https://CapRover.com

MFA | Authenticator Verification during login. #2144

Closed AGASTRONICS closed 1 week ago

AGASTRONICS commented 1 week ago

The absence of multi-factor authentication (MFA) or Authenticator app verification in the CapRover login process poses a potential security risk. Without this additional layer of protection, user accounts and the services managed through CapRover are more vulnerable to unauthorized access, which could lead to potential data breaches or service disruptions. Given the critical nature of many applications hosted via CapRover, enhancing login security is essential.

I propose the integration of MFA, specifically with support for authenticator apps like Google Authenticator, Authy, or any TOTP-compliant app. This would require users to enter a time-based one-time password (TOTP) after providing their username and password, adding a strong layer of security. Optionally, support for hardware-based MFA, such as YubiKey or FIDO2, could be considered for users who require higher security standards.

Alternative

githubsaturn commented 1 week ago

2FA and other features are available on Pro plan. You can navigate to settings and turn it on.