Open n00b12345 opened 6 years ago
I'm not opposed to the idea.
It would require an email address and an SMTP server available.
@ArthurHoaro or a TOTP-based solution could work too. It's probably a little more reliable than email.
What about Google Authenticator?
@nicolasdanelon absolutely! That's even better because it's more reliable.
Do people actually use that? I always see SMS or email 2-factor auth, but I never stumble upon a website which requires a specific mobile app for authentication (except Steam, which uses their own app).
I use it, but with Gmail, Bitstamp, Bittrex... maybe... maybe it is overkill for Shaarli.
Strictly speaking, SMS and email are not the most secure ways to do 2FA, but they are much better than not having it at all, and one should also weigh the requirements of a bookmark manager and simplicity of implementation. IMHO: whatever is easiest.
@ArthurHoaro these days you can use any app you want, e.g. Google Authenticator, Authy, 1Password etc.
Related: #341 - Yubikey support
I use a TOTP MFA application pretty frequently - I'm up to 25 services on it.
> Do people actually use that? I always see SMS or email 2-factor auth, but I never stumble upon a website which requires a specific mobile app for authentication (except Steam, which uses their own app).
I greatly prefer Time-based One-time Passwords (TOTP). When given the choice of MFA/2FA options, this would be my order of preference and why:
I estimate that about 90 percent of my accounts are TOTP Software Token. I just counted and I have 73 websites/apps set up with TOTP.
For TOTP Software Token, you are rarely required to use a specific app. Viable options include LastPass Authenticator, Google Authenticator, Microsoft Authenticator, Authy, Google Smart Lock, or even blockchain-based Civic.
Love everything about Shaarli. I've been using it for a few years now and it's been great.
Would you consider implementing 2FA?