two-factor authentication #358

Open
sserrano44 opened this issue Sep 18, 2015 · 76 comments

@sserrano44

commented Sep 18, 2015

Please add two-factor authentication; people are using your service for deploying to production in continuous integration scenarios like Amazon EC2 Container Service.

@scottampush

commented Oct 23, 2015

Bump ⬆️

@sankethkatta

commented Oct 23, 2015

Bump ⬆️

@Manouchehri

commented Oct 24, 2015

TOTP or U2F would be great to have.

@joeldrapper

commented Dec 10, 2015

👍

@jpettersson

commented Dec 29, 2015

👍

@pieterdd

commented Jan 24, 2016

Bump ⬆️

@let4be

commented Feb 2, 2016

Any update?
Currently, using Docker Hub private repos in production is questionable, as tampering with an account password effectively means serious business problems.

@cihanucar

commented Jun 16, 2016

Any update?

@frekele

commented Jul 12, 2016

+1, two-factor authentication and/or oauth 2.0

This is regrettable. The Docker Hub portal seems built by a child; it seems a beginner's thing, very amateur.

How can I trust my private repositories to Docker Hub if security does not seem to be important to them?

We are seriously thinking of migrating to another provider.

Safety first!!!!

@frekele

commented Jul 12, 2016

@joeldrapper
I know it, and I have already made some PRs there. But the question here is another one.

Docker Hub security is the question here, not Rancher server.

@joeldrapper

commented Jul 13, 2016

@frekele sorry mate, I thought this might help if you were concerned about Docker Hub’s authentication for Docker Cloud. I don’t work for Docker, was just recommending Rancher as it’s more secure than Docker Cloud.

I totally agree with you. Docker Hub needs to take security seriously. 2FA, oauth, enforcing long passwords, etc. is really important for this. How can we know that even the official Docker Hub images, that we rely on, are safe from attack?

Personally, I'm making the best of the situation by using a ~50 character password that was generated by 1Password. That stops the brute-force threat, but can’t protect you from MITM or other possible attacks.

@frekele

commented Jul 13, 2016

@joeldrapper Exactly.

@munhitsu

commented Jul 18, 2016

2FA is a need

@BAlmeidaS

commented Sep 14, 2016

Bump ⬆️

@chauffer

commented Oct 16, 2016

👍

@revett

commented Nov 7, 2016

+1

@egut

commented Nov 14, 2016

+1

@gregholland

commented Nov 22, 2016

+1

@kolobus

commented Dec 11, 2016

Bump

@koekiebox

commented Dec 17, 2016

+1

@mrafayaleem

commented Jan 11, 2017

Bump ⬆️

@mzac

commented Jan 18, 2017

+1

@tjwebb

commented Feb 3, 2017

security plz

@rhuddleston

commented Feb 24, 2017

+1

@roman-vynar

commented Feb 24, 2017

+1

@samsheff

commented Aug 3, 2017

+1

@basgys

commented Aug 11, 2017

+1

@Psyborgue

commented Dec 20, 2018

Seriously this is a bad joke. A service for developers with no 2fa. GitHub supports Yubikeys. I guess it's gonna take malware being distributed in a project tens of thousands use. Phish a distro's password or two and compromise it all.

@chris579

commented Jan 26, 2019

Why is there still no 2FA support? This is crucial in 2k19.

@onclave

commented Jan 27, 2019

2FA feature request in 2015, still lacking in 2019?

@oscartbeaumont

commented Jan 27, 2019

Even the option to link your GitHub account for logins and then disable direct account logins (like Netlify allows) would be an alternative solution.

@elgohr

commented Feb 10, 2019

Bump

@junjizhi

commented Apr 27, 2019

Docker Hub got hacked. And I had to change my password right away. I could be less worried if they had 2FA.

@iMerica

commented Apr 27, 2019

Docker, the container technology is great, but "Docker Inc" the company continues to fail their users. This is a perfect example of that.

@Widdershin

commented Apr 27, 2019

@jakubgs

commented Apr 27, 2019

Considering the recent Docker Hub hack this should be considered a priority by the Docker team.

@onclave

commented Apr 27, 2019

I mean, seriously, what is the point of not resolving this feature request? It's not even rocket science! It's more than 3 years now that so many people are asking for this!

@Terkwood

commented Apr 27, 2019

Fail 🔥

@stuntguy3000

commented Apr 27, 2019

GG

@ukos-git

commented Apr 27, 2019

also considering latest security breach!

@weskerfoot

commented Apr 27, 2019

The fact that this hasn't been implemented tells me that Docker does not care about designing secure systems. Images should be immutable and cryptographically signed as well (without any option to turn that off). It's been 4 years and none of this has been implemented as far as I can tell. I don't care if it's inconvenient, or that they use "best practices". It's necessary if you're going to be handling people's images and distributing them. You need to take this more seriously Docker.

@apastuszak

commented Apr 27, 2019

Either this or SQRL support. Something better than a password.

@sweepyoface

commented Apr 27, 2019

Well this is awkward..

@pbostrom

commented Apr 28, 2019

for the love of god

@phantomtypist

commented Apr 28, 2019

How on earth have you guys not implemented this yet? WTF is wrong with you?

@xied75

commented Apr 28, 2019

Not trying to add noise, but what is the possibility that a hacker could then clone and get hold of private repositories from GitHub? This is certainly a huge risk here?!

@pbostrom

commented Apr 28, 2019

> Not trying to add noise, but what is the possibility that a hacker could then clone and get hold of private repositories from GitHub? This is certainly a huge risk here?!

@xied75 The risk is that the hackers can get your Docker Hub password and then push malicious code to your Docker Hub repositories. This does not affect your GitHub repos.

Edit: I stand corrected.

@chris579

commented Apr 28, 2019

@pbostrom as most users connected their account with GitHub there’s some risk an attacker could access private repos as Docker Hub can too.

@fbender

commented Apr 28, 2019

Definitely a must-have for such a prominent provider.

While this issue would not have prevented the security incident, it would be better yet for Docker Hub to provide login options that do not require you store a user password, like WebAuthn or external login solutions from GitHub, GitLab, BitBucket, Slack, and whatever else is already integrated into the platform (#1803).

@bplasmeijer

commented Apr 28, 2019

can we please add this option!

@hapylestat

commented Apr 30, 2019

4 years gone since the ticket was created, Docker Hub accounts were hacked... and still no response

@jadunawa

commented Apr 30, 2019

> Definitely a must-have for such a prominent provider.
>
> While this issue would not have prevented the security incident, it would be better yet for Docker Hub to provide login options that do not require you store a user password, like WebAuthn or external login solutions from GitHub, GitLab, BitBucket, Slack, and whatever else is already integrated into the platform (#1803).

Okta!

@alexclst

commented Apr 30, 2019

Please do this. Especially after the breach. There is no excuse for a developer tool to lack this.

@meticulous-dft

commented May 5, 2019

Yes, this is our top priority.

@joshatintegris

commented May 16, 2019

I would love to see SSO with OneLogin and Okta or just SAML in general. And please don't be like every other vendor and charge an exorbitant amount of extra money for it. SAML and MFA should be a standard feature of every SaaS platform in today's age.

@metalcamp

commented May 20, 2019

Any updates?
