As described here: https://www.yubico.com/applications/fido/
It would be nice to have the choice to use a 2FA device rather than something _arguably_ compromisable like an OATH app on an Android phone.
https://developers.yubico.com/php-u2flib-server/
https://developers.yubico.com/U2F/Libraries/Using_a_library.html
PHP library and pseudocode examples
I want this too, it's less of a hassle to manage and safer as well.
me too
That would be nice indeed. Should not be too much work with a plugin, as the sample libs are there already.
any roadmap on this topic?
+1 but also fido2 maybe :D
although one would have to store the imap passowrd, if going passwordless is the idea, because the main point of FIDO2 is the support for using a PIN, aka not sending over a password.not aware that imap supports that, lol
not aware that imap supports that, lol
i don't get you, sorry - what has the imap passwort to do with securing the login to rainloop service?
rainloop iirc uses imap login data.
but even if not, with passwordless Fido modes you would have to store the imap passwords somewhere IN PLAINTEXT (or at least a way you can retrieve the plain text without any extras)
after all how else is rainloop supposed to grab the mails
sorry, still different planets. please correct me, if i am totally wrong.
rainloop is a web client. for mail. i need an account for rainloop-client. custom username. custom password. i can put 2fa to secure this account.
after doing that i have access to my client. and can choose, which kind of mail account i want to connect. these mail accounts are _not_ secured via 2fa (how should this even work, when the account comes from a third party provider).
so 2fa is for securing the web login to rainloop login only.
am i right?
last time I checked rainloop it iirc used directly imap email addresses and passwords for logins (except for maybe putting a 2FA on top for the web login)
so if you dont provide the password at login rainloop would have to store it somewhere (after all rainloop needs to pull the mails from somewhere using some credentials)
2FA is only for securing the web but the current approach of password+TOTP allows rainloop to obtain the imap password to temp-store it.
when going passwordless rainloop would have to store the pw all the time
oh wait, yes, now i got you, sorry. i was in the admin account with my thoughts, but yes, the webmailer itself uses imap passwords.
so for me u2f would be enough then, nobody wants plaintext storing of imap passwords.
well think we should technically use webauthn with userverification discouraged, same effect but higher compatibility and newer API
Please Implement yubikey auth support !
Most helpful comment
I want this too, it's less of a hassle to manage and safer as well.