Re: Is multi factor authentication practical/feasible?

2022-06-26 Thread Sam Kuper
On Sun, Jun 26, 2022 at 06:52:05PM -0400, Steve Dondley wrote:
> I know roundcube offers an MFA plugin. But I don’t have the foggiest
> idea how an iPhone, Android device, or Outlook could all be set up
> to work with MFA with a standard dovecot/postfix setup.

I'm currently vague on whether/how these can be integrated with
dovecot/postfix, but ...


> Are there any practical solutions for easily implementing MFA that
> could work across multiple devices?

... there exist several cross-platform hardware tokens:

- https://www.nitrokey.com/

- https://www.yubico.com

- https://www.nytimes.com/wirecutter/reviews/best-security-keys/


and time-based one-time passwords ("TOTP") are also cross-platform:

- https://en.wikipedia.org/wiki/Time-based_one-time_password

- https://en.wikipedia.org/wiki/FreeOTP

- https://en.wikipedia.org/wiki/Google_Authenticator

- https://en.wikipedia.org/wiki/LinOTP

- https://www.macrumors.com/2021/06/07/ios-15-built-in-password-authenticator/


Please update the thread if you make any progress.  Thanks!

Sam


Is multi factor authentication practical/feasible?

2022-06-26 Thread Steve Dondley
I have a small client whose insurance company insists they have MFA for their 
email to be covered under some kind of data protection policy. Currently I have 
the client set up on a Debian box for the email server coupled with roundcube 
for webmail. Most of the users just use roundcube but some also use their mobile 
devices to check email. Maybe one person uses Outlook. There’s about 5 to 10 
users total. 

I know roundcube offers an MFA plugin. But I don’t have the foggiest idea how 
an iPhone, Android device, or Outlook could all be set up to work with MFA with 
a standard dovecot/postfix setup. Are there any practical solutions for easily 
implementing MFA that could work across multiple devices?