I believe it’s about time we improve the security of the platform. Therefore, I created the following issue on GitHub:
I recently watched a couple of amazing videos about OH, where the author suggests not using myopenhab due to its weak authentication mechanism:
I wonder what you guys think and also whether passkey should be implemented on the MainUI.
Do you want to see Passkeys implemented on _____?
Looking forward to your comments.
As currently posted, I wonder if you are mixing things.
myopenhab.org has a completely different authentication and authorization mechanism from MainUI.
That video is talking about myopenhab.org.
I definitely think anything that can be done to add TFA, FIDO2 keys, Passkeys, webauth, etc. to the Cloud Server would be a very good thing. I’d also like to see emails being sent for new logins and any changes to login parameters.
I’m not so sure that doing so for MainUI buys much protection, so the balance of added complexity needs to be weighed against the risks it would mitigate.
I know myopenhab.org and MainUI are completely independent, and I’m sure this feature is lacking on myopenhab.org. Yet, like you, I’m not sure whether implementing Passkey on the MainUI could be useful or just a burden, so I raised the topic for the community to share their views.
I didn’t want to create 2 separate topics because I didn’t know how the topic would develop, but if required I could start a separate one.
I think adding support for 2FA (of any sort) to MainUI will need to happen eventually. But it’s probably premature to do so at this stage.
I added a poll at the top for people to easily “vote”.
I’m not sure such votes make too much sense. In general, having passkey support is something cool and I guess nobody would mind having it (as it is usually an additional way of auth, not replacing other ways). So it is mainly a matter of finding a developer who’s volunteering to work on it.