2FA

[ktara156]

Hello,

How can I setup 2FA login to ZM? I would like to perform hardening of my installation to get it secure as much as I can

[bbunge]

Some of us consider 2FA a placebo and not worth the effort. It is also a real pain when trying to get something done quickly. Unfortunately, many on line services have been brainwashed into believing it is the end all to improving security. And it isn't.

If and when the ZM developers decide to incorporate 2FA I hope they also have a way to disable it!

[iconnor]

Yeah I'm not likely to implement unless someone pays me to do it and have no fear, everything is always optional in ZM.

I did implement Microsoft SSO in the PRO version. If that is of interest.

[ktara156]

Ok, so there is no option for 2FA for now? Is there any way ho secure my ZM installation (login+password is not enough in my opinion)?
I've spoken with my colleges responsible for network and security and they told me that 2FA increase significantly safety for an average user. I know that there are several other methods (e.q. FIDO2), but 2FA seems to be just ok in terms of convenience of use vs security benefits.

[Andyrh]

While I believe 2FA is worthwhile, it is not always worthwhile.
There are 2 basic questions that will get you on the right path.

Is the data in question valuable to someone else?
Yes: Various security related things should be implemented.
No: Basic security may be good enough.

Is the data secure?
Yes, only if it cost more to get than it is worth.

[ktara156]

Instead of theorizing, I would prefer that we return to the specific questions that I allowed myself to ask.
So how, in addition to the login and password, can I secure my accounts to ZM through an additional communication channel? Or how else can I secure my accounts?
And the second topic - if there is no 2FA, but I would like such an option in ZM to be implemented - how much would it cost? I propose to make a crowdfunding campaign for this

[iconnor]

Maybe $1000, also it wouldn't go into 1.36. It would be a 1.37+ feature.

[ktara156]

Perfectly! Could you please set up some kickstarter and share link? I will try to promote this and of course donate on my own.

[iconnor]

I've begun the process. I've bumped it up to 2500 as a goal. Looks like it is going to a lot of time just to do the kickstarter. And they take their cut.

Probably going to be a week before it even goes live

[ktara156]

Perfectly, thanks for that!

[lbdroid]

2FA doesn't necessarily have to be implemented within ZM. You can implement it at the Apache level;

https://github.com/itemir/apache_2fa


Now if I understand how ZM works correctly, you would just need to set AUTH_TYPE to remote, and match up the usernames in ZM to those used for authentication in Apache.

[ktara156]

I've begun the process. I've bumped it up to 2500 as a goal. Looks like it is going to a lot of time just to do the kickstarter. And they take their cut.

Probably going to be a week before it even goes live

How are things going regarding kickstarter?

[ktara156]

I've begun the process. I've bumped it up to 2500 as a goal. Looks like it is going to a lot of time just to do the kickstarter. And they take their cut.

Probably going to be a week before it even goes live

Any news? Could you please share the link to the kickstarter?

[Greg_Talyor]

I've begun the process. I've bumped it up to 2500 as a goal. Looks like it is going to a lot of time just to do the kickstarter. And they take their cut.

Probably going to be a week before it even goes live

Go for it. I'll chip in a few quids. I think this is a good model for Zoneminder feature requests—democracy at work. Zoneminder (and Isaac) has served me well over the last few years. Since I've used Linux for other things, there's very little new to learn, mostly rtsp.

Ta.