Feature #14743

open

Add Passkey/Certificate-based Authentication

Added by Kris Phillips 10 months ago. Updated about 1 month ago.

Status: New
Priority: Normal
Assignee: -
Category: Web Interface
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Release Notes: Default

Description

pfSense Plus's webConfigurator is currently limited in authentication for local auth, requiring third-party implementations to add 2FA or other authentication means.

There is already redmine 12546 for adding 2FA to pfSense Plus natively, but it would also be beneficial to add passkey/cert-based authentication to pfSense Plus' webConfigurator and other functions.


#1

Updated by Paul Smith 5 months ago

Kris Phillips wrote:

pfSense Plus's webConfigurator is currently limited in authentication for local auth, requiring third-party implementations to add 2FA or other authentication means.

There is already redmine 12546 for adding 2FA to pfSense Plus natively, but it would also be beneficial to add passkey/cert-based authentication to pfSense Plus' webConfigurator and other functions.

Just saw this request after submitting mine.
https://redmine.pfsense.org/issues/15244

#2

Updated by Sergei Shablovsky about 1 month ago

UPVOTE THIS

Nowadays, with the number of hacking attacks rapidly increasing each day, securing access to the firewall itself (especially a border firewall, the core of a company's security infrastructure) by VPN/SSH becomes #1.
(Of course, with an additional monitoring and alerting tool.)

Today's leader for both the Personal and Enterprise MFA markets is YubiKey (https://www.yubico.com/products/): PERFECTLY DEVELOPED, WELL ENGINEERED and W/O ANY COMPROMISING ISSUES across millions of customers.

So it is reasonable to secure ALL THREE (local physical VGA terminal, SSH terminal and WebGUI access) with the YubiKey 5 Series (https://www.yubico.com/products/yubikey-5-overview/, PDF https://resources.yubico.com/53ZDUYE6/as/q3uxbe-6n9olc-9ywi4w/YubiKey_5_Series_Product_Brief.pdf, latest model line).

There is a well-documented API and SDK (https://docs.yubico.com/, all official docs), and a lot of ready code (well tested by thousands of security professionals): https://www.google.com/search?q=YubiKey+FreeBSD&ie=UTF-8&oe=UTF-8&hl=en&client=safari#ip=1 (the most valuable are the links on the FreeBSD user forum and GitHub).

I hope all these facts help Netgate (as one of the leaders of the industry) to obtain extra value for their pfSense+ and CE products.
