Supporting WebAuthn as single factor auth #4
Comments
I agree there are scenarios where that is useful. I don't think it would be difficult to add, but I think it should be a decision for the server admin whether to allow or not. So that would mean we need to add a config.inc.php to the plugin. I'll give it some thought. Mind you, you'll still need to enter your username, otherwise Roundcube doesn't know which account to check. Nextcloud has a similar setup, where you can either enter your password or activate your security key.
Alright, thanks in advance for your time to think about this.
It's a complicated thing because Roundcube needs the user's password to be able to login to the IMAP server. We'd have to store the password encrypted either in the Roundcube database or in a cookie. I use a persistent login plugin (https://github.com/mfreiholz/persistent_login) that does something similar, but unfortunately it's not part of Roundcube itself so we can't rely on it being available. I could make it a dependency but then again not every admin will want the "keep me logged in" functionality.
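The comment above describes the design constraint: a key-only login still has to produce the IMAP password, so the password has to be kept encrypted somewhere and released only after the authenticator has been verified. The PHP below is an added illustration for this thread, not code from the Roundcube WebAuthn plugin or from persistent_login. Everything in it is an assumption: a hypothetical 32-byte `$serverKey` that would live in the plugin's config.inc.php, a `$store` array standing in for a plugin-owned database column, and a `$assertionVerified` flag standing for the plugin's existing WebAuthn assertion check having succeeded. The username is bound in as associated data so a sealed value copied into another user's row does not open.

```php
<?php
// Added example for the discussion above; not part of the Roundcube WebAuthn plugin.
// Hypothetical pieces: $serverKey (32 random bytes, assumed to come from config.inc.php),
// $store (stands in for a per-user DB column), $assertionVerified (result of the plugin's
// existing WebAuthn assertion verification, which is not reimplemented here).
declare(strict_types=1);

const VAULT_KEY_BYTES   = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES;   // 32
const VAULT_NONCE_BYTES = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;  // 24

// Encrypt the IMAP password under the server key. The username is passed as
// associated data, so the ciphertext is tied to the account it was sealed for.
function vault_seal(string $serverKey, string $username, string $imapPassword): string
{
    if (strlen($serverKey) !== VAULT_KEY_BYTES) {
        throw new InvalidArgumentException('vault key must be exactly 32 bytes');
    }
    $nonce = random_bytes(VAULT_NONCE_BYTES);
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($imapPassword, $username, $nonce, $serverKey);
    return base64_encode($nonce . $ct);
}

// Decrypt a sealed value. Returns null when the value is malformed, tampered
// with, sealed for another username, or sealed under a different key.
function vault_open(string $serverKey, string $username, string $sealed): ?string
{
    $raw = base64_decode($sealed, true);
    if ($raw === false || strlen($raw) <= VAULT_NONCE_BYTES) {
        return null;
    }
    $nonce = substr($raw, 0, VAULT_NONCE_BYTES);
    $ct    = substr($raw, VAULT_NONCE_BYTES);
    $pt = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt($ct, $username, $nonce, $serverKey);
    return $pt === false ? null : $pt;
}

// Password login: the user typed the IMAP password and the IMAP login succeeded
// (that step is the real plugin's job and is omitted). Seal it for later key-only use.
function password_login(array &$store, string $serverKey, string $username, string $imapPassword): void
{
    $store[$username] = vault_seal($serverKey, $username, $imapPassword);
}

// Key-only login: the password leaves the vault only after the WebAuthn assertion
// for exactly this username has been verified by the caller.
function webauthn_login(array $store, string $serverKey, string $username, bool $assertionVerified): ?string
{
    if (!$assertionVerified || !isset($store[$username])) {
        return null;
    }
    return vault_open($serverKey, $username, $store[$username]);
}

// Constructed demo data (a real deployment keeps $serverKey fixed in config.inc.php).
$serverKey = random_bytes(VAULT_KEY_BYTES);
$store = [];
password_login($store, $serverKey, 'alice@example.com', 'correct horse battery staple');

// Assertion verified for alice: the stored password is released to the IMAP login step.
var_dump(webauthn_login($store, $serverKey, 'alice@example.com', true));
// No verified assertion: nothing is released.
var_dump(webauthn_login($store, $serverKey, 'alice@example.com', false));
// Alice's sealed value copied into another user's row: associated data mismatch.
$store['mallory@example.com'] = $store['alice@example.com'];
var_dump(webauthn_login($store, $serverKey, 'mallory@example.com', true));
```

The same `vault_seal`/`vault_open` pair works for the cookie variant mentioned in the comment: the cookie would carry only the ciphertext while the key stays in config.inc.php, so the cookie alone yields nothing, but it then needs the Secure and HttpOnly flags and the username binding still applies. In either variant the server key is what turns a database dump or stolen cookie into IMAP passwords, so it has to be generated randomly per installation and kept out of version control.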
Yeah, I noticed when I tried that the "new_user_dialog" plugin doesn't create a new user based on a username + password. So the first login should or would always be in a secure env with email address + IMAP password, and in that session the person could set up a security key for all logins after that. These would then be done without the needed password.
I'm marking this
Is it possible to do 1FA auth with a security key, without using a password?
My idea would be, as an example, in an untrusted env where keypresses could be logged/captured.
1FA: Authenticator, activation by tapping and then logging in.
Replaces the password with a single factor, the ownership of the authenticator.