Control Web Panel
Developers => Suggestions => Topic started by: ferrynl on April 01, 2015, 04:01:00 PM
-
Google Authenticator for login the panel not only the root password.
-
Surprised the team didn't consider this already!
Two-step auth is very important for security!!
For example, let's say a hacker did find a way to figure out your password to the server, you are still safe because they can't access your panel without your phone.
And if you're thinking "Well he has my root password, he could just use SSH" then simply change from password auth for ssh, to SSH Keys, then you're fine :)
But really CWP, we should add Authy/Google Auth 2 step auth to the CWP panel for both Root and User accounts. It will be an optional feature, but one that is needed. Make sure there are "backup codes" that can be generated too incase we lose our phones or what not; and that they are NOT stored on the server since that would compromise security. They need to be generated and emailed/printed off; then delete it from the server somehow. Not sure how you guys will do it, but you're geniuses :D
Keep up the amazing work on this panel! 8)
-
You can accomplish this by installing Google Authentication via SSH; but it would still be nice for CWP to take a-look at this for security measures, Also e-mail logging of "FAILED" Login Attempts on "ANY" CWP Accounts.