KillerK Posted April 4 Share Posted April 4 Hi, I'm new to unraid and as of typing I'm 24 days and 1 hour away from buying my first license 🙂  First impressions are good, I'm getting out of unraid what I put in (pun kinda intented), but I'm honestly surprised at the lack of some basic security on the front door. I mean its 2024 and MFA should be considered a hygine factor not an "enhancement"! I've read a few posts on this topic and was linked to an unraid blog with the overaching point being 'just don't expose your unraid server to the internet'...there are several reasons why MFA should still be considered a minimum regardless of whether its exposed on a public edge or not.  I appriecate there are several options availble for me to add MFA by proxying the unraid dashboard and adding a 3rd party app like Authelia but the remaining concern this doesn't mitigate is the basic password auth option is still their in unraid and can be exploited by a threat actor.  In terms of roadmap here I strongly feel that basic TOTP should be added, its a minimal investment in dev time to add, you've already done it for the forum itself and the forum here seems productive from what I have read so support could be divested to that for the most part. If I'm being honest I also think that more dev time should be invested to take this further to enable a push based MFA process either via third parties like Cisco DUO or via your own mobile app but I acknowledge thats why its called a roadmap, for now I'd get happy with just a basic TOTP step.  Whinge over and thanks for taking the time to read this. 2 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.