From 0b5b541d2cd287b7c0be924d7c303e517a4a7851 Mon Sep 17 00:00:00 2001 From: timo Date: Sat, 6 May 2017 03:53:17 +0200 Subject: [PATCH] Added comment --- docs/tfa.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/tfa.md b/docs/tfa.md index 674a88ea6..8f5e2079f 100644 --- a/docs/tfa.md +++ b/docs/tfa.md @@ -2,6 +2,7 @@ So far three methods for *Two Factor Authentication* are implemented: U2F, Yubi - For U2F to work, you need an encrypted connection to the server (HTTPS) as well as a FIDO security key. - Both U2F and Yubi OTP work well with the fantastic [Yubikey](https://www.yubico.com). + - While Yubi OTP needs an active internet connection and an API ID + key, U2F will work with any FIDO U2F USB key out of the box, but can only be used when mailcow is accessed over HTTPS. - U2F and Yubi OTP support multiple keys per user. - As the third TFA method mailcow uses TOTP: time-based one-time passwords. Those psaswords can be generated with apps like "Google Authenticator" after initially scanning a QR code or entering the given secret manually.