2-step authentication would be very welcome and useful. It adds another security layer where not only a traditional eavesdroppable username+password combination is necessary for login. It would also make brute forcing virtually impossible as adding the one-time password makes for ever-shifting correct login credentials.
Google has developed a PAM which goes hand in hand with authenicators on iOS, Android and Blackberry.http://code.google.com/p/google-authenticator/
Please add it as a security option for logins through both the desktop, mobile web UIs and VPNs, it would be much appreciated!
VPN 2-step logins would be nice as well but difficult to implement on the client side at least on some less open mobile devices. As a workable-now solution, the Google authenticator and PAM combination can be used for supplying one-time passwords for use when opening up a VPN tunnel to the NAS. Since at least the non-jailbroken iOS VPN client implementation can only accept a username and password, it would be nice to be able to pass a password "salt" combined with a one-time authentication code from the google authentication as a VPN password to the Synology server.
password "salt": €Et7/rD!,å stored in the VPN server on the NAS
On mobile device:
Google Authenticator generates 98347523
VPN client login on mobile device:
I only open up my firewall for inbound PPTP/OpenVPN so that would be much appreciated.
(not affiliated with Google in any way)