Security Enhancements -2FA

[asuweb]

Is anybody interested in 2-factor-auth being implemented to provide an additional layer of security to the MailWatch login?

[shawniverson]

✋ I am :)

[Skywalker-11]

There was an idea of an exchangeable user management some time ago this would be a nice use case 😄 👍

But especially a good 2FA will need a lot of work

[endelwar]

2FA for the win!

Which ideas do you have in mind? Time-based One-Time Passwords (TOTP) with Google Authenticator (and similar apps)? email with OTP?

[asuweb]

TOTP was what I had in mind. If I get the time in the next couple of weeks I'll put something together for testing / comments

[Skywalker-11]

It would also be nice to have support of this additional authentication features:

• ldap authentication: support fallback servers (if first server is not available try a second,third... server)
• multiple authentication sources identified by username domain (eg. ldap1 for example.org, ldap2 for example.com)

Not authentication but still nice to have:

• get additional mail addresses from ldap and use them as predefined filters for the user

[shawniverson]

@Skywalker-11

I am actively developing an AD/LDAP User Synchronization script for MailWatch. I started it over the weekend, and so far it looks good. One of the features is that it will pull additional proxyaddresses from LDAP to populate the filters when this field is in use. I am going to submit it to MailWatch for consideration once completed.

[asuweb]

@Skywalker-11 - I'm working on a domain management feature which could incorporate the per domain LDAP bits.