Plans to support 2 factor authentication?

appliedprivacy · April 17, 2020, 11:45pm

Hi,

thanks for creating this service and providing it for free!

Do you have any plans to support strong 2-factor-authentication using FIDO2/WebAuthn tokens on accounts? (requiring it to create time restricted access tokens)

nils · April 18, 2020, 10:57am

Dear appliedprivacy,

while two factor authentication is a priority on our list, we are currently not actively working on it. That means, there is also no ETA when it may become available.

That being said, deSEC is an open-source community project; contributions are always welcome. Please join our GitHub repository if you are interested in contributing.

Best,
Nils

appliedprivacy · April 18, 2020, 11:19am

Thanks for your reply, I’m glad to hear it is on your roadmap.

peter · April 18, 2020, 11:51am

Hi appliedprivacy,

Welcome to our forum! FWIW, you can track the issue here: https://github.com/desec-io/desec-stack/issues/316

Stay secure,
Peter

Gunni · November 20, 2020, 12:56pm

I think you should put it on top of the roadmap, as DNS is a critical service and a threat actor with access to it can do all kinds of bad stuff like rerouting web or email traffic.

Why use DNSSEC when only a single password protects the dns record editor?

peter · November 20, 2020, 4:51pm

Hi,

Status update: I am working to finish token scoping and will then start working on 2FA. (This means it is the next task; it’s at the top of the roadmap.)

Stay secure,
Peter

NewRedsquare · January 12, 2022, 2:24pm

Hi,

any news on this feature ?
all my registrars are using 2FA, only my DNS Hosting which is Desec.io doesn’t have it yet. Being a critical provider (unauthorized access can modify dns email servers for instance), i think it should be prioritized.

Thanks

peter · January 13, 2022, 11:54am

Hi,

Thanks for the heads-up. Some other work got in the way (in particular, DNSSEC automation protocol development, draft-thomassen-dnsop-dnssec-bootstrapping-03 - Automatic DNSSEC Bootstrapping using Authenticated Signals from the Zone's Operator).

We just deployed token scoping last week, and I’m planning to work on 2FA around February.

Stay secure,
Peter

peter · August 31, 2022, 9:39pm

Hi all,

2FA is now available with TOTP tokens. You can find it in the GUI at the top right, by clicking “More”.

FIDO2/WebAuthn support will follow later.

Stay secure,
Peter