xorinzor

2-Factor Authentication (2FA)


mselley

+1 2FA for new devices would really help secure Emby content, it's pretty industry standard now.

ebr

> it's pretty industry standard now.

 

Not really with media apps due to the burden it adds to access.  We understand the desire for this and will probably end up getting there eventually but it needs to be designed very carefully (be very optional).

rbjtech

Like most of the mainstream streaming services, Emby already has 2FA of sorts  - Login and Device restrictions.  By default, any login can play on any device - but if you turn this off (per user) then the DEVICE itself (which is assigned a unique ID) becomes the 2FA...

 

For Prime (and probably Netflix) you have to Authorise the device it plays on, Emby is no different in concept, but you have to De-Authorise instead if you want 2FA.

 

[Image: 5d7293f86ea68_Devices.png]

 

 

For the Web admin itself - then simply turn off internet access for your admin users  ..

 

[Image: 5d7294a3c2c6a_admin.png]

..and then if you really do want to Administer Emby remotely (ie not on the LAN) then VPN onto your LAN (via 2FA..).

notla49285

> Like most of the mainstream streaming services, Emby already has 2FA of sorts  - Login and Device restrictions.  By default, any login can play on any device - but if you turn this off (per user) then the DEVICE itself (which is assigned a unique ID) becomes the 2FA...
>
> For Prime (and probably Netflix) you have to Authorise the device it plays on, Emby is no different in concept, but you have to De-Authorise instead if you want 2FA.
>
> [Image: 5d7293f86ea68_Devices.png]
>
> For the Web admin itself - then simply turn off internet access for your admin users  ..
>
> [Image: 5d7294a3c2c6a_admin.png]
>
> ..and then if you really do want to Administer Emby remotely (ie not on the LAN) then VPN onto your LAN (via 2FA..).

 

That's two levels of authorization, which is not the same as 2FA (2-factor authentication).

rbjtech

"Emby already has 2FA of sorts"

 

Authentication - Proof that you are who you claim to be.

 

Authentication 1 -  Your Emby login - Unique to you, only you know the password.

Authentication 2  ?  -  Your unique key assigned to YOUR personal device in your possession.  ie no different to a SMS TEXT code sent to YOUR phone.  It doesn't confirm it's you - it confirms it was sent to YOUR phone, which may no longer be in your possession.

 

The 'of sorts' bit I mention is because you can of course log in to Emby with just 1FA, but the 'Authorisation' may lock you out because of the second Authentication method ... bit of a grey area I agree.. but I do know the difference thanks..  ;)

notla49285

> I do know the difference thanks..  ;)

 

Yeah, clearly... :huh:

Painkiller8818

+1 on this.

unisoft

The world has changed over the past 1-1.5 years. 2FA is now required in Emby, and I'd like them to use the authenticator apps such as Microsoft Authenticator rather than SMS.

 

Also, the option to disable the remote login page (web) BUT keep the ability to configure the URL and credentials when in an Emby application and using HTTPS. This stops casual web browsing to a domain, seeing the Emby login web page and then setting up a challenge for a script kiddie.

  • Like 3
Share on other sites
ertagon2

+1
I think this is a great idea. Nothing is better than airtight security <3.

  • Like 1

Devdroid

Would love to see this soon.

 

Radhi

Today my Emby showed a lot of 'continue watching' videos.

A lot were not complete. I probed further and it seems my login was accessed by someone else.

Not sure how they got the password. I suspect it is coming from a Chrome extension.

I would strongly suggest having 2FA.

There are a lot of sites that support 2FA. It has become the norm.

So should Emby.

  • Like 1
