nickslowinski/mailcow-dockerized-docs
1
0
Fork 0
Code Issues Pull-Requests Projekte Releases Pakete Wiki Aktivität

updated browsers that support U2F

Quellcode durchsuchen
Dieser Commit ist enthalten in:
Maximilian Leith 2021-06-04 10:54:47 +02:00
Ursprung 8c3102945a
Commit 4e8c17d543
1 geänderte Dateien mit 23 neuen und 6 gelöschten Zeilen
Statistiken anzeigen Patch-Datei herunterladen Diff-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

29
docs/u_e-mailcow_ui-tfa.md
Datei anzeigen

@ -1,10 +1,10 @@
So far three methods for *Two-Factor Authentication* are implemented: U2F, Yubi OTP, and TOTP
So far three methods for _Two-Factor Authentication_ are implemented: U2F, Yubi OTP, and TOTP
- For U2F to work, you need an encrypted connection to the server (HTTPS) as well as a FIDO security key.
- Both U2F and Yubi OTP work well with the fantastic [Yubikey](https://www.yubico.com).
- While Yubi OTP needs an active internet connection and an API ID + key, U2F will work with any FIDO U2F USB key out of the box, but can only be used when mailcow is accessed over HTTPS.
- U2F and Yubi OTP support multiple keys per user.
- As the third TFA method mailcow uses TOTP: time-based one-time passwords. Those passwords can be generated with apps like "Google Authenticator" after initially scanning a QR code or entering the given secret manually.
- For U2F to work, you need an encrypted connection to the server (HTTPS) as well as a FIDO security key.
- Both U2F and Yubi OTP work well with the fantastic [Yubikey](https://www.yubico.com).
- While Yubi OTP needs an active internet connection and an API ID + key, U2F will work with any FIDO U2F USB key out of the box, but can only be used when mailcow is accessed over HTTPS.
- U2F and Yubi OTP support multiple keys per user.
- As the third TFA method mailcow uses TOTP: time-based one-time passwords. Those passwords can be generated with apps like "Google Authenticator" after initially scanning a QR code or entering the given secret manually.
As administrator you are able to temporary disable a domain administrators TFA login until they successfully logged in.
@ -19,6 +19,23 @@ The API ID, API key and the first 12 characters (your YubiKeys ID in modhex) are
### U2F
To use U2F, the browser must support this standard.
The following desktop browsers support this authentication type:
- Edge (>=79)
- Firefox (>=47, enabled by default since version 67)
- Chrome (>=41)
- Safari (>=13)
- Opera (40, >=42, not 41)
The following mobile browsers support this authentication type:
- Safari on iOS (>=13.3)
- Firefox on Android (>=68)
Sources: [caniuse.com](https://caniuse.com/u2f), [blog.mozilla.org](https://blog.mozilla.org/security/2019/08/05/web-authentication-in-firefox-for-android/)
Only Google Chrome (+derivatives) and Opera support U2F authentication to this day natively.
Since version 67 Mozilla Firefox can handle U2F natively. ([Source](https://support.yubico.com/support/solutions/articles/15000017511-enabling-u2f-support-in-mozilla-firefox))