2FA/MFA for Adguard Home #5480
Replies: 7 comments 5 replies
-
|
If you're hosting it locally, this shouldn't be a security improvement. (maybe, but useless) Perhaps there are other alternatives to protect your home network... |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for responding. It should definitely improve the security, especially for internet facing situations, for example: hosting your own domain with DoH or DoT. Many different open source product have 2FA as an option: Proxmox, Uptime-kuma etc. I think the information/data on Adguard home can be very sensitive if one is concerned about privacy, 2FA would let those people sleep a bit better :) |
Beta Was this translation helpful? Give feedback.
-
|
It seems a bit overkill? I don't know.. Come to think of it, I am in favor of adding web authentication(fido2+ctap2) based login. With that, I can login much more quickly without having to enter any username/passwords but just adding a form of 2FA(totps or u2f/fido key based) feels overkill. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for responding. Considering the data that is on the Adguard Home, it would be much safer to add 2FA ( fido2, ctap2 or totps) as an option. If one is having an internet facing setup it would drastically improve the security. If AGH is internet-facing it could potentially be bruteforced, maybe it would be good to add a feature that blocks IP's after some failed attempts. How do you think about that? |
Beta Was this translation helpful? Give feedback.
-
|
oauth or 2fa/mfa is necessary, can be optional of course it should exist, tons of information in the dns queries and just username/password is not enough. especially for cloud setups |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for responding. I agree with you! What kind of MFA would you suggest? |
Beta Was this translation helpful? Give feedback.
-
App based 2fa and possibility to create app password for those dashboards we use like widgets need that app passes for the api. But general UI with 2Fa with Authenticator. |
Beta Was this translation helpful? Give feedback.
-
|
Great idea! I think both key and app 2FA would be best. |
Beta Was this translation helpful? Give feedback.
-
|
I agree. I am concerned about session ID riding/hijacking even with a strong TLS encryption + strong B-Crypt password hash. I think AdGuard team would have to integrate some kind of key generation mechanism that can generate a key we can add to Authy. I am not entirely sure other cloud services do this... |
Beta Was this translation helpful? Give feedback.
-
|
Any news on this? |
Beta Was this translation helpful? Give feedback.
-
|
Any word on when MFA or Webauth will be enabled for Adguard Home? I do host it at home, but it's accessible to the web for DoH, so I would like to get extra protection to my login prompt. |
Beta Was this translation helpful? Give feedback.
-
|
Same here, AGH is running on a vServer to serve the mobile devices I have. I'd like to have some security for the login page ... |
Beta Was this translation helpful? Give feedback.
-
Hi Everyone,
How does everyone think about adding 2FA/MFA to Adguard Home?
It will drastically improve security. Besides that it will be a feature that other DNS application don't have.
Beta Was this translation helpful? Give feedback.
All reactions