Feature #14743

open

Add Passkey/Certificate-based Authentication

Added by Kris Phillips over 1 year ago. Updated 13 days ago.

Status: New
Priority: Normal
Assignee: -
Category: Web Interface
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Release Notes: Default

Description

pfSense Plus's webConfigurator is currently limited in authentication for local auth, requiring third party implementations to add 2FA or other authentication means.

There is already redmine 12546 for adding 2FA to pfSense Plus natively, but it would also be beneficial to add passkey/cert-based authentication to pfSense Plus' webConfigurator and other functions.



Actions #1

Updated by Paul Smith over 1 year ago

Kris Phillips wrote:

pfSense Plus's webConfigurator is currently limited in authentication for local auth, requiring third party implementations to add 2FA or other authentication means.

There is already redmine 12546 for adding 2FA to pfSense Plus natively, but it would also be beneficial to add passkey/cert-based authentication to pfSense Plus' webConfigurator and other functions.

Just saw this request after submitting mine.
https://redmine.pfsense.org/issues/15244

Actions #2

Updated by Sergei Shablovsky about 1 year ago

UPVOTE THIS

Nowadays, with the number of hacking attacks rapidly increasing each day, securing the access to the firewall (especially border, the core of company security infrastructure) itself by VPN/SSH becomes #1.
(Of course, with additional monitoring and alerting tools.)

Today's leaders for both the Personal and Enterprise MFA market are YubiKeys https://www.yubico.com/products/, PERFECTLY DEVELOPED, WELL ENGINEERED and W/O ANY COMPROMISING ISSUES across millions of customers.

So, it is reasonable to secure ALL THREE (local physical VGA terminal, SSH terminal and WebGUI access) with the YubiKey 5 Series (https://www.yubico.com/products/yubikey-5-overview/, PDF https://resources.yubico.com/53ZDUYE6/as/q3uxbe-6n9olc-9ywi4w/YubiKey_5_Series_Product_Brief.pdf, latest model line).

Well-documented (https://docs.yubico.com/ all official docs) API, SDK, and a lot of ready (and well tested by thousands of professionals in security) code https://www.google.com/search?q=YubiKey+FreeBSD&ie=UTF-8&oe=UTF-8&hl=en&client=safari#ip=1 (most valuable are links on FreeBSD user forum and GitHub).

I hope all these facts help Netgate (as one of the leaders of the industry) to obtain extra value for their pfSense+ and CE products.

Actions #3

Updated by Jesse Norell 15 days ago

Sergei Shablovsky wrote in #note-2:

UPVOTE THIS

How do you vote, just comment "me too!" or watch the issue or ?

Thanks, and me too!
Jesse

Actions #4

Updated by Kris Phillips 13 days ago

Jesse Norell wrote in #note-3:

Sergei Shablovsky wrote in #note-2:

UPVOTE THIS

How do you vote, just comment "me too!" or watch the issue or ?

Thanks, and me too!
Jesse

Redmines don't have an upvote button. The most comments and requests that "push" redmines to the top of the list repeatedly are more likely to get the most work.

2FA support has been added to Netgate Nexus, which is the Multi-instance Management solution for Plus, so there are improvements happening for 2FA. Passkeys and physical device keys have not been implemented yet.
