mselley 6 Posted July 29, 2019 Share Posted July 29, 2019 +1 2fa for new devices would really help secure emby content, it's pretty industry standard now. Link to comment Share on other sites More sharing options...
ebr 15285 Posted July 30, 2019 Share Posted July 30, 2019 it's pretty industry standard now. Not really with media apps due to the burden it adds to access. We understand the desire for this and will probably end up getting there eventually but it needs to be designed very carefully (be very optional). Link to comment Share on other sites More sharing options...
metalcated 26 Posted September 6, 2019 Share Posted September 6, 2019 I am all for this! Link to comment Share on other sites More sharing options...
rbjtech 4689 Posted September 6, 2019 Share Posted September 6, 2019 Like most of the mainstream streaming services, Emby already has 2FA of sorts - Login and Device restrictions. By default, any login can play on any device - but if you turn this off (per user) then the DEVICE itself (which is assigned a unique ID) becomes the 2FA... For Prime (and probably Netlix) you have to Authorise the device it plays on, Emby is no different in concept, but you have to De-Authorise instead if you want 2FA. For the Web admin itself - then simply turn off internet access for your admin users .. ..and then if you really do want to Administer Emby remotely (ie not on the LAN) then VPN onto your LAN (via 2FA..). 2 Link to comment Share on other sites More sharing options...
notla49285 46 Posted September 9, 2019 Share Posted September 9, 2019 Like most of the mainstream streaming services, Emby already has 2FA of sorts - Login and Device restrictions. By default, any login can play on any device - but if you turn this off (per user) then the DEVICE itself (which is assigned a unique ID) becomes the 2FA... For Prime (and probably Netlix) you have to Authorise the device it plays on, Emby is no different in concept, but you have to De-Authorise instead if you want 2FA. For the Web admin itself - then simply turn off internet access for your admin users .. ..and then if you really do want to Administer Emby remotely (ie not on the LAN) then VPN onto your LAN (via 2FA..). That's two levels of authorization, which is not the same as 2FA (2-factor authentication). Link to comment Share on other sites More sharing options...
rbjtech 4689 Posted September 9, 2019 Share Posted September 9, 2019 (edited) "Emby already has 2FA of sorts" Authentication - Proof that you are who you claim to be. Authentication 1 - Your emby login - Unique to you, only you know the password. Authentication 2 ? - Your unique key assigned to YOUR personal device in your possession. ie no different to a SMS TEXT code sent to YOUR phone. It doesn't confirm it's you - it confirms it was sent to YOUR phone, which may no longer be in your possession. The 'of sorts' bit I mention is because you can of course login to Emby with just 1FA, but the 'Authorisation' may lock you out because of second Authentication method ... bit of a grey area I agree.. but i do know the difference thanks.. Edited September 9, 2019 by rbjtech Link to comment Share on other sites More sharing options...
notla49285 46 Posted September 10, 2019 Share Posted September 10, 2019 i do know the difference thanks.. Yeah, clearly... Link to comment Share on other sites More sharing options...
Painkiller8818 217 Posted June 7, 2020 Share Posted June 7, 2020 +1 on this. Link to comment Share on other sites More sharing options...
unisoft 308 Posted June 21, 2020 Share Posted June 21, 2020 (edited) The world has changed over the past 1- 1.5 years. 2 FA is now required in Emby, and I'd like them to use the authenticator apps such as Microsoft Authenticator rather than SMS. Also, the option to disable the remote login page (web) BUT keep the ability to configure the URL and credentials when in an Emby application and using HTTPS. This stops casual web browsing to a domain and see the emby login web page and then setup a challenge for a script kiddie. Edited June 21, 2020 by unisoft 3 Link to comment Share on other sites More sharing options...
ertagon2 44 Posted June 22, 2020 Share Posted June 22, 2020 +1 I think this is a great idea. Nothing is better than airtight security <3. 1 Link to comment Share on other sites More sharing options...
Devdroid 21 Posted September 3, 2020 Share Posted September 3, 2020 Would love to see this soon. Link to comment Share on other sites More sharing options...
PhantomCircuit 6 Posted September 19, 2020 Share Posted September 19, 2020 today my Emby showed a lot of 'continue watching' videos. a lot was not complete. i probe further and it sees my login was accessed by someone else. not sure how they get the password. I suspect it is coming from a Chrome extension. i would strongly suggest to have a 2FA. there are a lot of sites that support 2FA. it has become the normal. so should Emby. 1 Link to comment Share on other sites More sharing options...
GWTPqZp6b 49 Posted November 24, 2020 Share Posted November 24, 2020 Would like to see 2fa added at some point also. Adding by vote. Is there a backlog of feature asks the community can vote on to influence priority? Link to comment Share on other sites More sharing options...
Luke 38372 Posted November 24, 2020 Share Posted November 24, 2020 3 minutes ago, GWTPqZp6b said: Is there a backlog of feature asks the community can vote on to influence priority? Hi, yes, all of the topics here in the feature requests area. Link to comment Share on other sites More sharing options...
cTurtle98 1 Posted November 26, 2020 Share Posted November 26, 2020 I would also like to see this implemented with separate enable disable options for external and internal connections I would also like this to support yubikey 2fa through nfc on the mobile app and not just the code generator apps 1 Link to comment Share on other sites More sharing options...
wondermouse 0 Posted December 5, 2020 Share Posted December 5, 2020 +1 Link to comment Share on other sites More sharing options...
ozi83 1 Posted December 6, 2020 Share Posted December 6, 2020 Would SQRL (https://en.m.wikipedia.org/wiki/SQRL) be a possible alternative to traditional 2FA/MFA? Link to comment Share on other sites More sharing options...
Rocoteptron 2 Posted December 7, 2020 Share Posted December 7, 2020 +1 Link to comment Share on other sites More sharing options...
GWTPqZp6b 49 Posted December 7, 2020 Share Posted December 7, 2020 (edited) 22 hours ago, ozi83 said: Would SQRL (https://en.m.wikipedia.org/wiki/SQRL) be a possible alternative to traditional 2FA/MFA? Can you summarize what benefits would that offer? If engineering resources are going to be allocated towards implementing 2FA I would rather a conventional (i.e tried and tested, & users are familiar with) approach was taken, unless theres good reason to deviate. Edited December 7, 2020 by GWTPqZp6b tried to add some logic Link to comment Share on other sites More sharing options...
ozi83 1 Posted December 8, 2020 Share Posted December 8, 2020 14 hours ago, GWTPqZp6b said: Can you summarize what benefits would that offer? If engineering resources are going to be allocated towards implementing 2FA I would rather a conventional (i.e tried and tested, & users are familiar with) approach was taken, unless theres good reason to deviate. Found the below summary: The user needs to remember only one password to access all websites – the password securing his master key. User secrets – password, master key, and private key – never leave his device, making them less susceptible to attack. Websites don’t need to handle or store sensitive user secrets – all they need is the user’s public key to verify his signature. Credentials are site-specific and based on asymmetric crypto, which means credentials are secured against brute force, password spraying, credential stuffing, and other common attacks on username/password authentication. I am all for any improvement's to the security of Emby be that 2FA/MFA or a system like SQRL. Link to comment Share on other sites More sharing options...
unisoft 308 Posted December 10, 2020 Share Posted December 10, 2020 On 07/12/2020 at 19:12, GWTPqZp6b said: Can you summarize what benefits would that offer? If engineering resources are going to be allocated towards implementing 2FA I would rather a conventional (i.e tried and tested, & users are familiar with) approach was taken, unless theres good reason to deviate. Microsoft Authenticator app. Job sorted. This AT LEAST has to be there from phase 1 of supporting multiple methods. Link to comment Share on other sites More sharing options...
Chyron 240 Posted December 10, 2020 Share Posted December 10, 2020 (edited) 1 hour ago, unisoft said: Microsoft Authenticator app. Job sorted. This AT LEAST has to be there from phase 1 of supporting multiple methods. TOTP (Time-based One-Time Password) via app is superior to SMS codes and emailed codes. So yes. This. Edited December 10, 2020 by Chyron Link to comment Share on other sites More sharing options...
GWTPqZp6b 49 Posted December 11, 2020 Share Posted December 11, 2020 7 hours ago, Chyron said: TOTP (Time-based One-Time Password) via app is superior to SMS codes and emailed codes. So yes. This. +1. I also assume bring self hosted, few will want to absorb costs of a SMS relay too. Link to comment Share on other sites More sharing options...
metsuke 27 Posted December 14, 2020 Share Posted December 14, 2020 @GWTPqZp6b @ozi83 @wondermouse @cTurtle98 @Radhi @Devdroid If this is still relevant to you guys, be sure to like the first post so that this feature will go up in priority, thanks! 2 1 Link to comment Share on other sites More sharing options...
PhantomCircuit 6 Posted December 14, 2020 Share Posted December 14, 2020 4 hours ago, metsuke said: @GWTPqZp6b @ozi83 @wondermouse @cTurtle98 @Radhi @Devdroid If this is still relevant to you guys, be sure to like the first post so that this feature will go up in priority, thanks! Done... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now