Project

General

Profile

Actions

Feature #14743

open

Add Passkey/Certificate-based Authentication

Added by Kris Phillips over 1 year ago. Updated 7 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Release Notes:
Default

Description

pfSense Plus's webConfigurator is currently limited in authentication for local auth, requiring third party implementations to add 2FA or other authentication means.

There is already redmine 12546 for adding 2FA to pfSense Plus natively, but it would also be beneficial to add passkey/cert-based authentication to pfSense Plus' webConfigurator and other functions.


Files

Actions #1

Updated by Paul Smith 11 months ago

Kris Phillips wrote:

pfSense Plus's webConfigurator is currently limited in authentication for local auth, requiring third party implementations to add 2FA or other authentication means.

There is already redmine 12546 for adding 2FA to pfSense Plus natively, but it would also be beneficial to add passkey/cert-based authentication to pfSense Plus' webConfigurator and other functions.

Just saw this request after submitting mine.
https://redmine.pfsense.org/issues/15244

Actions #2

Updated by Sergei Shablovsky 7 months ago

UPVOTE THIS

Nowadays with numbers of hacking attacks rapidly increasing each day, securing the access to firewall (especially border, - the core of company security infrastructure) itself by VPN/SSH become #1.
(Of course with additional monitoring and alerting tool).

Todays leader for both Personal and Enterprise’s MFA marker are YubiKeys https://www.yubico.com/products/,- PERFECT DEVELOPED, WELL INGENEERED and W/O ANY COMPROMISING ISSUES on a millions of customers.

So, reasonable to securing ALL THREE local physical VGA terminal, SSH terminal and WebGUI access by YubiKey 5 Series (https://www.yubico.com/products/yubikey-5-overview/, PDF https://resources.yubico.com/53ZDUYE6/as/q3uxbe-6n9olc-9ywi4w/YubiKey_5_Series_Product_Brief.pdf, latest model line).

Well-documented (https://docs.yubico.com/ all official docs) API, SDK, and a lot of ready (and well tested by thousands of professionals in security) code https://www.google.com/search?q=YubiKey+FreeBSD&ie=UTF-8&oe=UTF-8&hl=en&client=safari#ip=1 (most valuable are links on FreeBSD user forum and GitHub).

I hope all this facts help Netgate (as one of the leaders of industry) to obtain extra value for their pfSense+ and CE products.

Actions

Also available in: Atom PDF