yocker 1575 Posted March 7 Posted March 7 Disable admin account from outside and use VPN when needing to use the admin account should make files secure. Keep an eye on where users connect from once in a while, there are plugins for that. Blacklist countries you have no users in. Make sure users don't set 1234 as password.. Emby needs a feature for minimum lenght and special character passwords Correctly set up proxy instead of direct Emby access. Tailscale funnel also works very nicely and doesn't require "outsiders" to have tailscale. Not saying 2fa isn't needed, just that there are other ways to secure the server. 1 1
muzicman0 86 Posted March 7 Posted March 7 I honestly don't understand the 2fa on just admin accounts. I don't want ANYONE logging into my server that I don't know, admin or not. 2
ugenest 1 Posted March 8 Posted March 8 On 3/4/2026 at 12:44 PM, ugenest said: +1 for 2FA for the admin account for any account would be better (that would be perfect), but than nothing, it should be at least for the admin account
yocker 1575 Posted March 8 Posted March 8 3 hours ago, ugenest said: for any account would be better (that would be perfect), but than nothing, it should be at least for the admin account If only the admin account then a VPN would be easier and better. 1
bandit8623 241 Posted March 10 Posted March 10 On 3/8/2026 at 11:42 AM, yocker said: If only the admin account then a VPN would be easier and better. using 2 factor auth vpn i disagree. extra work compared
yocker 1575 Posted March 10 Posted March 10 39 minutes ago, bandit8623 said: using 2 factor auth vpn i disagree. extra work compared VPN is typically easy to set up and a click of a button to connect once set up. IMO the most amount of work is opening the port for it if not using tailscale.
bandit8623 241 Posted March 10 Posted March 10 (edited) 9 minutes ago, yocker said: VPN is typically easy to set up and a click of a button to connect once set up. IMO the most amount of work is opening the port for it if not using tailscale. thats if you use tailscale i guess. i use openvpn with 2fa. nothing touches my internal network. all done on opnsense Edited March 10 by bandit8623
yocker 1575 Posted March 10 Posted March 10 6 minutes ago, bandit8623 said: thats if you use tailscale i guess. i use openvpn with 2fa. nothing touches my internal network. all done on opnsense I use selfhosted Wireguard my self. No need for 2fa for me when only i have the keys. Other users that use my VPN have their own network and shares so can't harm anything. Different needs for different uses ofc. 1
bandit8623 241 Posted March 17 Posted March 17 (edited) Saw this and thought Emby could do something along this line https://blog.noip.com/what-is-no-ip-public-tunnels-a-modern-approach-to-remote-access?utm_source=email&utm_source=email&utm_medium=promo&utm_campaign=2026-march-promo-paid Edited March 17 by bandit8623
caffeineshock 18 Posted May 9 Posted May 9 Yeah, no. Basically a reverse proxy. Does not solve the problem On 3/17/2026 at 12:28 PM, bandit8623 said: Saw this and thought Emby could do something along this line https://blog.noip.com/what-is-no-ip-public-tunnels-a-modern-approach-to-remote-access?utm_source=email&utm_source=email&utm_medium=promo&utm_campaign=2026-march-promo-paid
bandit8623 241 Posted May 9 Posted May 9 (edited) 11 hours ago, caffeineshock said: Yeah, no. Basically a reverse proxy. Does not solve the problem of course it does. everyone that would connecting via this method uses 2fa. would be an option to use if added correctly. thats what you wanted. With link sharing you woudlnt even need 2fa as only the device with the link can login. its just an idea. dont throw it out so fast as its not just like a reverse proxy.. Edited May 9 by bandit8623 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now