mathesar-foundation / mathesar

Web application providing an intuitive user experience to databases.
https://mathesar.org/
GNU General Public License v3.0

Two factor authentication #3573

Open danielrosehill opened 1 month ago

danielrosehill commented 1 month ago

Feel like this is really a must for any web-accessible solution that's providing a backend to potentially lots of sensitive data.

I have mine behind Cloudflare Access, but I think if 2FA were implementable I'd feel comfortable having it a bit more exposed - which would in turn make it a lot easier to collaborate on management.

seancolsen commented 1 month ago

Thanks for this suggestion, @danielrosehill. I agree that 2FA would add significant value to the product.

Out of curiosity, what is your personal preference around the type of 2FA? Most apps use SMS-based 2FA, which I personally don't like. I prefer authenticator-app-based 2FA, but I know it can sometimes be a barrier for less technically-inclined users who don't want to install an additional app. Then there are other things like FIDO and WebAuthn/Passkeys. If you have any opinions about these approaches, we'd love to hear them!

dselfie commented 1 month ago

Authenticator and/or biometric a la 1PW, Stripe, etc.