Two factor authentication enforcement
Open Discussion
As a server administrator or reseller I would like to be able to force all of my cPanel and sub-users to use two-factor authentication to increase the security of my server.
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
Hi,
I just wanted to submit a feature suggestion where I wanted users that log in to be explicitely invited to enable two factor authentication to increase security, not necessarily enforcing them.
In doing so, I found this one, so I wanted to add my vote to this one.
Buildin on this, it would be brilliant if there could be a notification on top of the user's cPanel indicating the security of their account:
1/ check for 2FA
2/ check for age of their password
3/ check for unused accounts (like FTP accounts that have never been logged into...)
4/ ... add more checks when we can
and it would be great that a user that logs into cPanel gets a warning "Attention; your account is not fully secured. Help us by keeping our servers safe for everyone"
When clicked, it should provide some information as to what they can do to increase security on their account.
2FA really should be stimulated some more, especially since we have servers where only 2 - 3 users out of 400 accounts have it enabled...
Thanks so much!
David.
Hi,
I just wanted to submit a feature suggestion where I wanted users that log in to be explicitely invited to enable two factor authentication to increase security, not necessarily enforcing them.
In doing so, I found this one, so I wanted to add my vote to this one.
Buildin on this, it would be brilliant if there could be a notification on top of the user's cPanel indicating the security of their account:
1/ check for 2FA
2/ check for age of their password
3/ check for unused accounts (like FTP accounts that have never been logged into...)
4/ ... add more checks when we can
and it would be great that a user that logs into cPanel gets a warning "Attention; your account is not fully secured. Help us by keeping our servers safe for everyone"
When clicked, it should provide some information as to what they can do to increase security on their account.
2FA really should be stimulated some more, especially since we have servers where only 2 - 3 users out of 400 accounts have it enabled...
Thanks so much!
David.
Just like passwords, there is also something called 2FA fatigue.
If you have over 100 2Fa accounts in Google Authenticator or Microsoft Authenticator or Authy, finding what you need when you need it is far from optimal.
Moreover, when you create an account with a strong password, customers often change it to something weaker and easily guessable.
They also completely ignore the two-factor authentication.
While your suggestion is something that is worth implementing, cPanel should do away with OTP and embrace a 6-digit push notification to either the email address on file or phone.
In fact, they can actually use this both for all authentications (password/2FA) as that will make it easier for customers to use the product,.
Just like passwords, there is also something called 2FA fatigue.
If you have over 100 2Fa accounts in Google Authenticator or Microsoft Authenticator or Authy, finding what you need when you need it is far from optimal.
Moreover, when you create an account with a strong password, customers often change it to something weaker and easily guessable.
They also completely ignore the two-factor authentication.
While your suggestion is something that is worth implementing, cPanel should do away with OTP and embrace a 6-digit push notification to either the email address on file or phone.
In fact, they can actually use this both for all authentications (password/2FA) as that will make it easier for customers to use the product,.
Replies have been locked on this page!