[New Auth] - Create list of options for new authentication system. #815
Reference: Disroot/Disroot-Project#815
Choosing a new authentication system should begin with gathering as much information as possible before any serious work is done, to save on resources.
Criteria (wip)
The main criteria we are looking at are as follows:
Candidates (wip)
From our current investigation we have decided to look into the following:
The purpose of this task is to:
Once the task is complete, depending on the outcome, following tasks will be created based on the guideline from #780.
@muppeth It might be nice to have support for FIDO2 integration added to this list of criteria.
Something that creates a one-time code during account creation, with which the user can reset their password themselves, would be a nice feature.
@avg_joe Wouldn't such a code be more troublesome (and less secure) than the current security questions required for a password reset? https://user.disroot.org/pwm/public/forgottenpassword
Plus, for those who prefer a code, that can still be a custom question they can add when setting up their prompt answers.
@hrmo Why do you think it would be less secure? It is very often used, for example, with 2FA. Besides, I think the answers to security questions can be "hacked" by social engineering, so I'm not that confident about their level of security.
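The one-time recovery code discussed in the comments above could work as in the following added example, which is not part of the thread or of Disroot's code. The in-memory store and the function names are hypothetical; a real deployment would keep the digest in the account directory and rate-limit redemption attempts.

```python
import hashlib
import hmac
import secrets

# Hypothetical in-memory account store: username -> SHA-256 digest of the code.
_recovery_digests = {}


def _digest(code: str) -> bytes:
    # Normalise so that dashes, spaces and letter case typed by the user do not matter.
    normalised = code.replace("-", "").replace(" ", "").lower()
    # A fast hash is acceptable here because the code is 128 random bits,
    # unlike a human-chosen password or a security-question answer.
    return hashlib.sha256(normalised.encode("utf-8")).digest()


def issue_recovery_code(username: str) -> str:
    """Create a 128-bit one-time code; only its digest is kept server-side."""
    raw = secrets.token_hex(16)  # 32 hex characters from the OS CSPRNG
    _recovery_digests[username] = _digest(raw)
    # Group into blocks of four so the user can write it down: xxxx-xxxx-...
    return "-".join(raw[i:i + 4] for i in range(0, len(raw), 4))


def redeem_recovery_code(username: str, code: str):
    """Return a fresh replacement code if `code` is valid, otherwise None.

    The stored digest is deleted on success, so each code works exactly once.
    """
    stored = _recovery_digests.get(username)
    # Unknown users are compared against a dummy digest to keep timing uniform.
    expected = stored if stored is not None else bytes(32)
    ok = hmac.compare_digest(expected, _digest(code))
    if stored is None or not ok:
        return None
    del _recovery_digests[username]
    # The caller would set the new password here, then show the new code once.
    return issue_recovery_code(username)


if __name__ == "__main__":
    first = issue_recovery_code("alice")  # constructed sample account
    print("shown once at sign-up:", first)
    print("after reset, new code:", redeem_recovery_code("alice", first))
    print("reusing the old code :", redeem_recovery_code("alice", first))
```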