Currently, access to the Modoboa web interface is only protected by a username / password combination. We've seen a lot of examples in the past, more or less recent, proving that this is not enough to ensure system's security. To improve this, more and more software add another layer of authentication by requesting a One Time Password after a succesful login. It's the mechanism we propose to implement in Modoboa, starting with HOTP and TOTP algorithms.
The activation of two-factor authentication will be optional and on a per-user basis. A new section will be added to the user settings section in order to control this:
Once enabled for a user, he will be asked for a unique password after each succesful authentication:
If you need/want/like this feature, it is time to sponsor it :-)
€220.00 on a goal of €700.00