Closed aashish108 closed 2 years ago
Two factor would be great to have as a feature.
For now, as I host Trilium on a DO droplet, I've set the firewall to only allow access from my home IP address. I have a VPN set up at home, and vpn in to use Trilium.
No 2FA, however Trilium uses scrypt which makes checking password computationally expensive operation (unlike e.g. just hashing with SHA-2). So as long as you have reasonably secure password (good enthropy, no dictionary words), the chance of brute forcing is minimal.
2FA is out of scope, closing. I would recommend to use some auth proxy if this is needed.
Hi, is it possible to look at 2fa again? If the password is known, then "scrypt" is useless. 2FA is standard with most programs. And with today's danger.....
You'd be better off using a reverse proxy like traefik and an auth middleware
Hi again! Another q if you don't mind. Since my Trilium is now public facing, is there any security like captcha or 2 factor auth to prevent brute login etc?
Cheerse