
Two-Factor Authentication (2FA)

To enable two-factor authentication, set g_pass_twofactor "true". Users can then turn on two-factor authentication in their user self-admin interface:

https://your.mail.server/cgi/user.cgi

The user can then specify what level of two-factor authentication they want. Because IMAP, SMTP and POP were never intended to use this type of authentication, it only works really well for SurgeWeb logins, but it can still add a layer of security for the other protocols as well.

The user.cgi page also lets users create or delete application passwords for legacy applications (normal desktop email clients).

Alternatively, the setting g_pass_twofactor_merged "true" can be used. The user then logs into legacy applications with their regular password+twofactorcode. So let's say your password is 'secret' and your 2FA app is showing the code '1232': you would enter "secret+1232" as your password. It would then work as normal for a few hours, after which the password would have to be entered again.
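The merged scheme described above, sketched as an added example; this is not SurgeMail's code, only one way a server could check a "password+code" string. It assumes RFC 6238 TOTP codes of 6 digits and a 4-hour grace period (the article only says "a few hours"); `MergedLogin`, `kdf` and `GRACE_SECONDS` are hypothetical names.

```python
import hashlib, hmac, os, struct

GRACE_SECONDS = 4 * 3600  # assumption: the article only says "a few hours"

def totp(secret: bytes, now: float, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def kdf(text: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", text.encode(), salt, 100_000)

class MergedLogin:
    """Hypothetical per-user verifier for 'password+code' logins."""

    def __init__(self, password: str, totp_secret: bytes):
        self.salt = os.urandom(16)
        self.pw_hash = kdf(password, self.salt)
        self.secret = totp_secret
        self.accepted = None  # (hash of last accepted merged string, expiry)

    def check(self, submitted: str, now: float) -> bool:
        digest = kdf(submitted, self.salt)
        # Grace period: the exact string that passed earlier is accepted again,
        # so it is replayable by anyone who captures it until the expiry.
        if self.accepted and now < self.accepted[1] and \
                hmac.compare_digest(digest, self.accepted[0]):
            return True
        # Split on the LAST '+', so a password that contains '+' still works.
        password, sep, code = submitted.rpartition("+")
        if not sep or not (code.isascii() and code.isdigit()):
            return False
        pw_ok = hmac.compare_digest(kdf(password, self.salt), self.pw_hash)
        # Allow one step of clock drift either way; compare in constant time.
        code_ok = any([hmac.compare_digest(code, totp(self.secret, now + d * 30))
                       for d in (-1, 0, 1)])
        if pw_ok and code_ok:
            self.accepted = (digest, now + GRACE_SECONDS)
            return True
        return False
```

The grace-period branch is what lets a mail client keep sending the same saved string, and it is also why the merged string should only ever travel over TLS.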

Let's be blunt: legacy applications (all normal email clients) are not designed to be used with two-factor authentication, so it's a question of 'which kludge do you wish to use'. Both are much more secure than not having two-factor authentication, but not nearly as secure as true 2FA. And both add a level of inconvenience.
