lensapp / lens

Lens - The way the world runs Kubernetes
https://k8slens.dev/
MIT License

Lens IDE: Two-Factor Authentication #4361

Open jeliasson opened 2 years ago

jeliasson commented 2 years ago

What would you like to be added: Option to enable Two-Factor Authentication as login when opening Lens IDE, or when it's been idle for X amount of minutes.

Why is this needed: To increase security by adding authentication, and two-factor authentication should be the ambition.

Environment you are running the Lens application on: development

Nokel81 commented 2 years ago

Is this about Lens Spaces and Cluster Connect or just the IDE; or is this about AWS two-factor?

jeliasson commented 2 years ago

@Nokel81 General OTP two-factor authentication for the IDE. Not related to AWS.

Nokel81 commented 2 years ago

So to lock down lens between logging in?

jeliasson commented 2 years ago

@Nokel81 Yes, and/or when it's been idle for X amount of minutes. Naturally opt-in for the two-factor authentication method and its options.

Nokel81 commented 2 years ago

Are you talking about the login button in the top right of this screenshot? Or something completely new?

[Screenshot attached: Screen Shot 2021-11-22 at 11 27 06 AM]

jeliasson commented 2 years ago

I guess something new. Basically being prompted for a login, which could be an OTP token, as soon as I open the Lens application - or if it's been idle for some time. I do not use Lens Spaces, which I believe the top right corner is for.

Nokel81 commented 2 years ago

Okay, thanks for the clarification. How would this increase security? If someone has access to your computer then they would be able to use kubectl and helm to their hearts' content.

jeliasson commented 2 years ago

True. Implementing a login would at best protect the application from being used without user authentication.

In the future, one could imagine the added kubeconfigs (the actual secret part) would be encrypted using a subset of those authentication credentials, and decrypted and made available when the application is unlocked. I haven't looked under the hood of the application yet, so apologies for my arrogance and assumptions about the internal workings.

Anyway, having some kind of opt-in authentication for the application itself would be interesting regardless of the underlying data at rest.