Support for two-factor authentication #2
Comments
Yes! Though passphrase + SSH key is basically two factors already, we should support IAM Multi-Factor Auth.
I was wondering about SSH key security; do you have a way of enforcing a passphrase?
It's probably outside the scope of Hologram to try and enforce passphrases; we just delegate to the user's wrt Multi-Factor Auth, we were unsure of how to get the UX right for it. Ideally Hologram is invisible to the user unless they need to change roles. Is it possible to just do the MFA dance once, whenever you do
I was actually thinking about this a bit more, and think it could add additional security. It's probably most relevant for cross-account access (which will probably become more useful after authorization support in #14), but supporting IAM MFA functionality would allow people to place less trust in the hologram server. Scenario without MFA:
Scenario with MFA:
I still don't have a good sense of what a UI would look like though 😄
In addition to verifying the user's SSH key, the hologram server should optionally require two-factor authentication using one-time passwords.