I would like to thank you for the efforts you have made in writing this post. Thanks for posting Really Such Things. I should recommend your site to my friends.
-
Sorry, but it is not supposed to be merged with 5.6.9. I don't have time to investigate this.Leave a comment:
-
I've just merged the GitHub TOTP changes with the latest 5.6.9 release of EspoCRM.
I've enabled TFA for the "admin" account and having used the Google Authenticator app to scan the QR code and generate the TFA code, I can confirm that I can NO LONGER log in via the admin user name.
The "please wait" banner appears and when I check with Google's developer tools, I can see an "authorization failed" message in the JS console.Leave a comment:
-
TOTP 2 factor auth is planned for the future. Maybe the next minor release.Leave a comment:
-
I decided in the end to push forward and enable Google two-factor authentication for Apache.
It requires a bit of set up first and uses the Google Authenticator app to authorise the sign in attempts.
For reference, here the is repo which I used: https://github.com/itemir/apache_2fa
Leave a comment:
-
Taking EspoCRM Public
We now have a requirement to make EspoCRM public-facing so that any of our users can log into the system from around the world.
I have read posts which question the security of the EspoCRM system so I was wondering, how have other users handled this situation?
We are running on a Linux server with Apache. Given that EspoCRM does not uses a 2FA authentication system, I'm looking at using something like Google Authenticator as the initial blocker for external requests to the site.
Can anyone share their experiences, please?
Leave a comment: