|
The Technical Zone... The Geeky forum... Use this forum to discuss technical aspects of email, from authentication protocols to encryption. |
|
Thread Tools |
26 Jan 2017, 08:19 PM | #1 |
Junior Member
Join Date: Jan 2017
Posts: 1
|
2FA - Roundcube
Hello.
I was just able to test and review the new 2FA implementation through the early release Beta program. OTP/TOTP authentication seems to work as expected through the main site login [https://runbox.com], however, [T]OTP is completely absent from the Roundcube UI, requiring a generated 'App Password' for the password instead. Although access to account-management is not possible through the Roundcube UI (as far as I can see), it still grants full access to the user's mailbox. Without a complete 2FA implementation for Roundcube, there should be an option to disable it until 2FA covers all web apps, otherwise this opens up a security hole in my opinion. I do understand that at the moment of writing this post, 2FA is still in Beta, so perhaps these issues will be addressed when 2FA goes into production. Please let me know if I have got any of these observations incorrect. Thanks and keep up the great job P.S. I would love to see the addition of Yubikey & U2F in the 2FA mix. |