fastenhealth / fasten-onprem

Fasten is an open-source, self-hosted, personal/family electronic medical record aggregator, designed to integrate with 100,000s of insurers/hospitals/clinics
GNU General Public License v3.0
1.6k stars, 83 forks

[Feature] Multi Factor Auth #45

Status: Open. Opened by lenaxia 1 year ago

lenaxia commented 1 year ago

What is this

Feature request for multi factor authentication. Considering this is storing private health data it is important that it be as secure as possible.

Why is this needed?

Ideally MFA would be handled by an external authentication provider such as OIDC or Forward Authentication (preferred). However, in order to develop a zero-knowledge model, Fasten would require a user-inputted secret, which neither OIDC nor Forward Auth makes available.

Hence, the MFA burden falls on the app itself. This is a similar problem to what BitWarden/VaultWarden face with their zero knowledge model.

Implementation

Lots of options out there, but I would personally request support for the following modes:

I specifically request that email and SMS second factors not be supported because of how insecure they are.

When is this needed?

Not now. This is obviously an advanced feature and other core features are higher priority in order to deliver basic functionality.
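The request above argues that the second factor has to live inside the app. The sketch below is an added example, written for this issue and not code from Fasten or its maintainers, of what an in-app second factor looks like when it is kept entirely server-side: an RFC 6238 TOTP (the list of modes the request meant to enumerate did not survive, so TOTP is an assumption here, chosen because it is the common app-based mode and matches the exclusion of email/SMS). The `Verifier` type, the 30-second step, the one-step skew window and the replay check on the last accepted step are all choices made for this example; the `enrollmentSecret` helper and the sample secret are constructed, not Fasten values.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"time"
)

// hotp implements RFC 4226: HMAC-SHA1 over the big-endian counter,
// dynamic truncation, then reduction to the requested number of digits.
func hotp(secret []byte, counter uint64, digits int) string {
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(buf[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// totp is RFC 6238 on top of hotp with 30-second time steps.
func totp(secret []byte, at time.Time, digits int) string {
	return hotp(secret, uint64(at.Unix()/30), digits)
}

// Verifier is the per-user state the app itself must store for an
// in-app second factor: the shared secret and the last time step that
// produced a successful login, so a code cannot be replayed inside
// the skew window. (Example type; not a Fasten data structure.)
type Verifier struct {
	Secret       []byte
	LastUsedStep int64
}

// Verify accepts a 6-digit code for the current step or one step on
// either side (clock drift), compares in constant time, and refuses any
// step that has already been consumed.
func (v *Verifier) Verify(code string, now time.Time) bool {
	if len(code) != 6 {
		return false
	}
	step := now.Unix() / 30
	for delta := int64(-1); delta <= 1; delta++ {
		candidate := step + delta
		if candidate <= v.LastUsedStep {
			continue // already used, or older than the last success: replay
		}
		expected := hotp(v.Secret, uint64(candidate), 6)
		if subtle.ConstantTimeCompare([]byte(expected), []byte(code)) == 1 {
			v.LastUsedStep = candidate
			return true
		}
	}
	return false
}

// enrollmentSecret generates a fresh 20-byte secret and returns it both
// raw (for storage) and base32-encoded (what authenticator apps expect).
// Hypothetical helper for this example.
func enrollmentSecret() ([]byte, string, error) {
	raw := make([]byte, 20)
	if _, err := rand.Read(raw); err != nil {
		return nil, "", err
	}
	enc := base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(raw)
	return raw, enc, nil
}

func main() {
	raw, enc, err := enrollmentSecret()
	if err != nil {
		panic(err)
	}
	v := &Verifier{Secret: raw}
	now := time.Now()
	code := totp(raw, now, 6) // what the user's authenticator would show
	fmt.Println("enroll with:", enc)
	fmt.Println("first use accepted:", v.Verify(code, now))
	fmt.Println("same code again:", v.Verify(code, now))
}
```

Two points worth keeping even if the rest changes: the code comparison is constant-time, and the last accepted step is persisted with the user record so a code intercepted during its 30-second life cannot be reused. Rate-limiting failed attempts is a separate, necessary control that this example does not show.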

AnalogJ commented 1 year ago

related #50