Plutocrat skrev den 2020-01-07 03:33:
https://doc.dovecot.org/configuration_manual/authentication/pam/ https://github.com/google/google-authenticator-libpam
it scales not very well to limit 2fa to only pam users, dovecot support many other auth backends and imho dovecot should never use 2fa, but it could and imho should be done in dovecot auth backend if possible to keep control where it belongs
if 2fa solve week passwords then 2fa is not needed, so keep it simple :=)
strong passwords is not a solution to leaked passwords, in that case its could help with 2fa
fun part there is nets that control visa cards auth cant make a policy that sms verify must be done on every transfer of money, only solution there is to change to master card and enable geolocation block of all until one self like to use our own master cards, i dont trust email auth to be better