I was surprised to discover disroot provided for authentication by password alone.

Somebody could acquire my password from my keystrokes and share my account with me, and there seems to be no way to know.

It would be great to provide two factor authentication. It would also be very FOSS to provide for authentication by PGP key. I’m sure there are other options too.

Hi karl.

We are testing two factor authentication for cloud, so that should be up and running within a few weeks (we need to test the impact on UX, change howtos accordingly, inform the users). This will be an opt-in feature.

It’s hard to provide other forms of authentication for other services as we are dependent on the developers of those projects to provide such an option in the first place.

We hope in the near future to be able to use cloud’s two factor authentication combined with SSO for all services. This way, once you’re logged in to “disroot” in a secure fashion, you don’t have to retype passwords.


Is there any news on this, already?

More specifically, is this SSO config option available in Disroot Forums:

I would like to sign in from some self-hosted NextCloud instance.

2FA has been enabled for cloud (nextcloud) for quite some time now. At the moment it is not linked to other services, though we are planning to implement separate 2FA for for example.
We have not done more work on implementing 2FA on all services because it’s very hard to implement such a solution and we simply have no resources to do so.

It might be a nice solution for us to remove the current Disroot auth in discourse and replace it with nextcloud auth; however, it will for sure not be open to external nextcloud instances because it creates a lot of overhead and it opens up doors to abuse.