Jump to content
Not connected, Your IP: 100.24.20.141
Sign in to follow this  
anonym

Suggestion: Add multifactor/2factor authentication (MFA/2FA) for online logins and Eddie

Recommended Posts

Hi,

 

I have a suggestion that should increase security for Air and customers. My suggestion is for Air to configure an optional system of multifactor/two-factor authentication for logging in to the AirVPN website, as well as for the initial setup of the Eddie software (entering login details).

 

This can be enabled or disabled by the user and accomplished by either:

  • a smartphone app such as FreeOTP (which is open source and available for iOS/Android).
  • a hardware device such as Nitrokey (which is open hardware) or a similar USB one time password generator (Yubikey, etc.)

 

The user will be prompted on their phone or mobile device with a number to enter in additionally to their password.

 

This makes sure nobody but the authorized user has access to the account, profile, etc. Air would probably be the first VPN provider to have this as an option.

 

 

Regards,

 

anonym

Share this post


Link to post

Eddie is just a frontend for OpenVPN configs. OpenVPN was not designed with 2FA in mind, and doesn't support it without PAM, which in place requires excessive logging.

It makes sense to use 2FA on a corporate VPN where unauthorized access and compromised logins can be a big security risk, but on a public VPN where everyone can get

a free trial or buy a monthly subscription for the price of a coffee, this is not a huge advantage. Other providers didn't implement it for this same reason, I believe.

There is simply nothing personal to protect in terms of login information - except private messages on the forums and your 3 connection slots.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...