FEATURE ANNOUNCEMENT: Two-Factor Authentication in RavenDB Studio (GUI)

[ppekrol]

Affected versions:
5.4.116+, 6.0.100+

Affected subsystems:
Security

Since all communication is protected via X.509 certificates and client application are passive, we offer you to enable Two-Factor on certificate basis.

Browsing our management UI can be even more safer, once you enable it.

How to start using Two-Factor Authentication

1. Go to 'Certificates' view in RavenDB Studio.
2. Create or Edit existing certificate. Click on 'Require two-factor authentication'.
3. Scan QR Code (authentication key)
4. Setup is completed!

Two-factor Login Screen

Once we detect that given certificate requires two-factor, user is presented with following screen:

User can enter session duration (for auto log-out) and scope of protection.

• Trust only this browser - choose this option for maximum security - only this browser can access server using this certificate.
• Trust all clients - This is convenience option, which allows access not only from this browser. It might be useful during debugging, etc. Once you establish Two-Factor session you can use same certificate to connect to RavenDB using curl, or your favorite RavenDB client. Server won't ask for security code during session duration.

New configuration options:

• Security.TwoFactor.DefaultSessionDurationInMin - default session duration (in minutes)
• Security.TwoFactor.MaxSessionDurationInMin- maximum session duration (in minutes)

Let us know what do you think about this new feature in the comments. Stay safe and enjoy.