zadam / trilium

Build your personal knowledge base with Trilium Notes
GNU Affero General Public License v3.0

2 Factor Auth? #859

Closed aashish108 closed 2 years ago

aashish108 commented 4 years ago

Hi again! Another q if you don't mind. Since my Trilium is now public facing, is there any security like captcha or 2 factor auth to prevent brute login etc?

Cheers

joshcsullivan commented 4 years ago

Two factor would be great to have as a feature.

For now, as I host Trilium on a DO droplet, I've set the firewall to only allow access from my home IP address. I have a VPN set up at home, and VPN in to use Trilium.

zadam commented 4 years ago

No 2FA, however Trilium uses scrypt, which makes checking a password a computationally expensive operation (unlike e.g. just hashing with SHA-2). So as long as you have a reasonably secure password (good entropy, no dictionary words), the chance of brute forcing is minimal.
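
Added example (not part of the thread and not Trilium's code): a measurement of the per-guess cost of scrypt against a single salted SHA-256, and what that cost means for exhausting a password space of a given entropy. The scrypt parameters (N=2^14, r=8, p=1), the salt handling and the helper names are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import time

# Assumed cost parameters for illustration; not taken from the thread.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def scrypt_hash(password: bytes, salt: bytes) -> bytes:
    """Memory-hard derivation: about 16 MiB and tens of ms per call here."""
    return hashlib.scrypt(password, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, maxmem=64 * 1024 * 1024, dklen=32)


def sha256_hash(password: bytes, salt: bytes) -> bytes:
    """Single salted SHA-256, the fast baseline the comment contrasts with."""
    return hashlib.sha256(salt + password).digest()


def seconds_per_guess(fn, rounds: int) -> float:
    """Average wall-clock cost of one password check with `fn`."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        fn(b"guess-%d" % i, salt)
    return (time.perf_counter() - start) / rounds


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password over the given alphabet."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, sec_per_guess: float) -> float:
    """Single-core time to try every candidate in a 2**bits space."""
    return (2 ** bits) * sec_per_guess / SECONDS_PER_YEAR


def compare():
    """Return (scrypt seconds/guess, SHA-256 seconds/guess) on this machine."""
    return seconds_per_guess(scrypt_hash, 5), seconds_per_guess(sha256_hash, 20000)


if __name__ == "__main__":
    slow, fast = compare()
    bits = entropy_bits(62, 10)  # constructed sample: 10 random alphanumerics
    print(f"scrypt : {slow * 1e3:8.2f} ms/guess")
    print(f"sha256 : {fast * 1e6:8.2f} us/guess  (ratio ~{slow / fast:,.0f}x)")
    print(f"{bits:.1f}-bit password, scrypt : {years_to_exhaust(bits, slow):.3g} years")
    print(f"{bits:.1f}-bit password, sha256 : {years_to_exhaust(bits, fast):.3g} years")
```

The same arithmetic shows why the entropy condition matters: a dictionary word has only a few bits of effective entropy, so the per-guess cost barely changes the outcome.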

zadam commented 2 years ago

2FA is out of scope, closing. I would recommend using some auth proxy if this is needed.

hermann1514 commented 7 months ago

Hi, is it possible to look at 2FA again? If the password is known, then "scrypt" is useless. 2FA is standard with most programs. And with today's danger...

zerebos commented 7 months ago

You'd be better off using a reverse proxy like Traefik and an auth middleware.