Feature #14743
open
Add Passkey/Certificate-based Authentication
0%
Description
pfSense Plus's webConfigurator is currently limited in authentication for local auth, requiring third party implementations to add 2FA or other authentication means.
There is already redmine 12546 for adding 2FA to pfSense Plus natively, but it would also be beneficial to add passkey/cert-based authentication to pfSense Plus' webConfigurator and other functions.
Files
Updated by Paul Smith over 1 year ago
Kris Phillips wrote:
pfSense Plus's webConfigurator is currently limited in authentication for local auth, requiring third party implementations to add 2FA or other authentication means.
There is already redmine 12546 for adding 2FA to pfSense Plus natively, but it would also be beneficial to add passkey/cert-based authentication to pfSense Plus' webConfigurator and other functions.
Just saw this request after submitting mine.
https://redmine.pfsense.org/issues/15244
Updated by Sergei Shablovsky about 1 year ago
UPVOTE THIS
Nowadays with numbers of hacking attacks rapidly increasing each day, securing the access to firewall (especially border, - the core of company security infrastructure) itself by VPN/SSH become #1.
(Of course with additional monitoring and alerting tool).
Todays leader for both Personal and Enterprise’s MFA marker are YubiKeys https://www.yubico.com/products/,- PERFECT DEVELOPED, WELL INGENEERED and W/O ANY COMPROMISING ISSUES on a millions of customers.
So, reasonable to securing ALL THREE local physical VGA terminal, SSH terminal and WebGUI access by YubiKey 5 Series (https://www.yubico.com/products/yubikey-5-overview/, PDF https://resources.yubico.com/53ZDUYE6/as/q3uxbe-6n9olc-9ywi4w/YubiKey_5_Series_Product_Brief.pdf, latest model line).
Well-documented (https://docs.yubico.com/ all official docs) API, SDK, and a lot of ready (and well tested by thousands of professionals in security) code https://www.google.com/search?q=YubiKey+FreeBSD&ie=UTF-8&oe=UTF-8&hl=en&client=safari#ip=1 (most valuable are links on FreeBSD user forum and GitHub).
I hope all this facts help Netgate (as one of the leaders of industry) to obtain extra value for their pfSense+ and CE products.
Updated by Jesse Norell 15 days ago
Sergei Shablovsky wrote in #note-2:
UPVOTE THIS
How do you vote, just comment "me too!" or watch the issue or ?
Thanks, and me too!
Jesse
Updated by Kris Phillips 13 days ago
Jesse Norell wrote in #note-3:
Sergei Shablovsky wrote in #note-2:
UPVOTE THIS
How do you vote, just comment "me too!" or watch the issue or ?
Thanks, and me too!
Jesse
Redmines don't have an upvote button. The most comments and requests that "push" redmines to the top of the list repeatedly are more likely to get the most work.
2FA support has been added to Netgate Nexus, which is the Multi-instance Management solution for Plus, so there are improvements happening for 2FA. Passkeys and physical device keys have not been implemented yet.