User Tools

Site Tools


manuals:vps:users

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
manuals:vps:users [2024/01/02 18:09] – Session control aithermanuals:vps:users [2025/02/23 16:40] (current) – hw passkeys first, more sw examples aither
Line 33: Line 33:
 ===== Two-factor authentication (2FA) ===== ===== Two-factor authentication (2FA) =====
 Two-factor authentication for vpsAdmin using Two-factor authentication for vpsAdmin using
-[[wp>Time-based One-time Password algorithm|TOTP]] +[[wp>Time-based One-time Password algorithm|TOTP]] or [[wp>WebAuthn|passkeys]] 
-can be optionally enabled. You then need both the password and TOTP to log in.+can be optionally enabled. You then need both the password and one of the 
 +additional authentication devices. It is possible to combine TOTP and passkeys, 
 +using one of the configured authentication devices is sufficient to log in.
  
 When enabled, the two-factor authentication is mandatory for access to When enabled, the two-factor authentication is mandatory for access to
Line 42: Line 44:
 will cease to work. will cease to work.
  
-2FA can be enabled in profile settings (vpsAdmin -> Edit profile).+2FA can be enabled in profile settings (vpsAdmin -> Edit profile). Note that 2FA is active 
 +only when there's at least one authentication device enabled.
  
 {{:navody:vps:2fa_status.png?200|}} {{:navody:vps:2fa_status.png?200|}}
 +
 +==== TOTP ====
  
 You can setup TOTP e.g. on your mobile phone using applications like You can setup TOTP e.g. on your mobile phone using applications like
Line 66: Line 71:
  
 {{:navody:vps:totp_device_list.png?300|}} {{:navody:vps:totp_device_list.png?300|}}
 +
 +==== Passkeys ====
 +You can use hardware security tokens (YubiKey, GoTrust IdemKey, etc.) or software keychains such as KeePassXC, KeePassium, iCloud Keychain, Google Password Manager, Microsoft Windows Hello, 1Password. 
 +
 +Authentication using passkeys is available only in web browser, it cannot be used
 +with [[manuals:vps:api#cli|vpsfreectl]], which requires TOTP.
 +
 +First register your passkeys in vpsAdmin -> Edit profile -> Passkeys. Then enable
 +2FA in vpsAdmin -> Edit profile.
  
 ===== Session control ===== ===== Session control =====
manuals/vps/users.1704218967.txt.gz · Last modified: 2024/01/02 18:09 by aither