Suggestion: Two step authentiaction

Discuss with the community any ideas you'd love to see in future DiskStations and DSM updates! We do our best to monitor and forward all of them, but we recommend to also use this form as our team will systematically see your suggestion:
http://www.synology.com/support/inquiry ... enu&type=1

Suggestion: Two step authentiaction

Postby gxs » Fri Jun 08, 2012 1:47 pm

Hy

Implementing an option of a two step authentication would be great.
I'm currently using a Yubikey and a LastPass combo with a strong password on my DS. It would be simpler to implement the same option into DS from the start.
gxs
I'm New!
I'm New!
 
Posts: 5
Joined: Wed Jun 06, 2012 8:17 am

Re: Suggestion: Two step authentiaction

Postby Jacq » Mon Aug 27, 2012 8:30 pm

I think the same, it will be nice to have a two step verification.
Using the mail to validate new clients could be the easier solution.
Also the new solution that implements dropbox http://mashable.com/2012/08/27/dropbox-two-step-verification/ by means of the google authenticator http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447 is quite interesting.

Anyway, in case of succesfull login, ¿is possible to automatically send a email to the admin with the source ip, login user...?, I couldn't find it, only the option to block the ip for incorrect login info.
Jacq
I'm New!
I'm New!
 
Posts: 3
Joined: Mon Aug 27, 2012 8:20 pm

Re: Suggestion: Two step authentiaction

Postby vuwuwuv » Fri Oct 12, 2012 11:47 am

Hi!

2-step authentication would be very welcome and useful. It adds another security layer where not only a traditional eavesdroppable username+password combination is necessary for login. It would also make brute forcing virtually impossible as adding the one-time password makes for ever-shifting correct login credentials.

Google has developed a PAM which goes hand in hand with authenicators on iOS, Android and Blackberry.
http://code.google.com/p/google-authenticator/

Please add it as a security option for logins through both the desktop, mobile web UIs and VPNs, it would be much appreciated!

VPN 2-step logins would be nice as well but difficult to implement on the client side at least on some less open mobile devices. As a workable-now solution, the Google authenticator and PAM combination can be used for supplying one-time passwords for use when opening up a VPN tunnel to the NAS. Since at least the non-jailbroken iOS VPN client implementation can only accept a username and password, it would be nice to be able to pass a password "salt" combined with a one-time authentication code from the google authentication as a VPN password to the Synology server.

E.g.
password "salt": €Et7/rD!,å stored in the VPN server on the NAS

On mobile device:
Google Authenticator generates 98347523

VPN client login on mobile device:
username: yourchoice
password: €Et7/rD!,å98347523

I only open up my firewall for inbound PPTP/OpenVPN so that would be much appreciated.

Thank you!

(not affiliated with Google in any way)
vuwuwuv
Trainee
Trainee
 
Posts: 10
Joined: Sat Jun 02, 2012 2:06 pm


Return to Feature Requests & Product Improvement Suggestions

Who is online

Users browsing this forum: stefaanbolle and 6 guests