search

getredash / redash

Make Your Company Data Driven. Connect to any data source, easily visualize, dashboard and share your data.
http://redash.io/
BSD 2-Clause "Simplified" License
25.92k stars 4.34k forks source link

Two factor authentication to dashboard #2559

Open tombushmitz86 opened 6 years ago

tombushmitz86 commented 6 years ago

Add two factor authentication

Since Redash dashboard might hold and access sensitive data I think another authentication factor could be useful.

My suggestion:

On first setup, the user can toggle whether its dashboard will use 2FA or not, if selected to use 2FA each new user that is created through the dashboard will be required to generate a OTP.

(OTPs will be handles locally in database)

Authentication code will be requested along with user and password and will be verified together.

I am willing to take the challenge in a PR if possible.

Technical details:

tomvo commented 5 years ago

Voting for this as this as redash is currently an application marked as high-risk in our infrastructure since it can directly access datastores without restriction, 2FA would greatly help.