updated browsers that support U2F
Dieser Commit ist enthalten in:
Ursprung
8c3102945a
Commit
4e8c17d543
1 geänderte Dateien mit 23 neuen und 6 gelöschten Zeilen
|
@ -1,10 +1,10 @@
|
|||
So far three methods for *Two-Factor Authentication* are implemented: U2F, Yubi OTP, and TOTP
|
||||
So far three methods for _Two-Factor Authentication_ are implemented: U2F, Yubi OTP, and TOTP
|
||||
|
||||
- For U2F to work, you need an encrypted connection to the server (HTTPS) as well as a FIDO security key.
|
||||
- Both U2F and Yubi OTP work well with the fantastic [Yubikey](https://www.yubico.com).
|
||||
- While Yubi OTP needs an active internet connection and an API ID + key, U2F will work with any FIDO U2F USB key out of the box, but can only be used when mailcow is accessed over HTTPS.
|
||||
- U2F and Yubi OTP support multiple keys per user.
|
||||
- As the third TFA method mailcow uses TOTP: time-based one-time passwords. Those passwords can be generated with apps like "Google Authenticator" after initially scanning a QR code or entering the given secret manually.
|
||||
- For U2F to work, you need an encrypted connection to the server (HTTPS) as well as a FIDO security key.
|
||||
- Both U2F and Yubi OTP work well with the fantastic [Yubikey](https://www.yubico.com).
|
||||
- While Yubi OTP needs an active internet connection and an API ID + key, U2F will work with any FIDO U2F USB key out of the box, but can only be used when mailcow is accessed over HTTPS.
|
||||
- U2F and Yubi OTP support multiple keys per user.
|
||||
- As the third TFA method mailcow uses TOTP: time-based one-time passwords. Those passwords can be generated with apps like "Google Authenticator" after initially scanning a QR code or entering the given secret manually.
|
||||
|
||||
As administrator you are able to temporary disable a domain administrators TFA login until they successfully logged in.
|
||||
|
||||
|
@ -19,6 +19,23 @@ The API ID, API key and the first 12 characters (your YubiKeys ID in modhex) are
|
|||
|
||||
### U2F
|
||||
|
||||
To use U2F, the browser must support this standard.
|
||||
|
||||
The following desktop browsers support this authentication type:
|
||||
|
||||
- Edge (>=79)
|
||||
- Firefox (>=47, enabled by default since version 67)
|
||||
- Chrome (>=41)
|
||||
- Safari (>=13)
|
||||
- Opera (40, >=42, not 41)
|
||||
|
||||
The following mobile browsers support this authentication type:
|
||||
|
||||
- Safari on iOS (>=13.3)
|
||||
- Firefox on Android (>=68)
|
||||
|
||||
Sources: [caniuse.com](https://caniuse.com/u2f), [blog.mozilla.org](https://blog.mozilla.org/security/2019/08/05/web-authentication-in-firefox-for-android/)
|
||||
|
||||
Only Google Chrome (+derivatives) and Opera support U2F authentication to this day natively.
|
||||
Since version 67 Mozilla Firefox can handle U2F natively. ([Source](https://support.yubico.com/support/solutions/articles/15000017511-enabling-u2f-support-in-mozilla-firefox))
|
||||
|
||||
|
|
Laden …
In neuem Issue referenzieren