Linode Forum

[k33l0r]

Could we get two-factor authentication for the Linode Manager?

Speaking as a developer, it should be fairly simple to add using either the Google Authenticator (for example see this tutorial for Rails) or something like MailChimp's AlterEgo (though I of course have no knowledge of your existing systems or code, for all I know it might actually be hard).

[obs]

Not sure if you know about it but there is a white list by ip address you can set under the profile section of the linode manager, it will email you if you try and log in from a non-white listed address with a link to add the new ip to your whitelist

[reaktor]

This would be great.

yubikey would be awesome,

[dugsong]

Sorry to suggest our company's product here. I figured mention of other open-source / free solutions meant an honest suggestion of our own (which is also open-source, and free for most Unix admin deployments) might be acceptable. I'm a fan of our own product, what can I say.

Hope you guys find something reasonable to implement. It's an important feature.

[glg]

dugsong wrote: SPAM
Woo spammer!

[pclissold]

Cool new TLD. Who fixed his company name and link?

[glg]

pclissold wrote: Cool new TLD. Who fixed his company name and link?

Sounds like a good sign that the weather isn't all that bad in NJ :)

[waldo]

obs wrote: Not sure if you know about it but there is a white list by ip address you can set under the profile section of the linode manager, it will email you if you try and log in from a non-white listed address with a link to add the new ip to your whitelist

Which works great when the emails get sent out in a timely manner. I just waited nearly 10 minutes for an email to be sent. Those types of emails should be sent instantly instead of being done on a schedule of some sort.

Just did another test and that took 15 minutes to get the email.

[obs]

waldo wrote: obs wrote: Not sure if you know about it but there is a white list by ip address you can set under the profile section of the linode manager, it will email you if you try and log in from a non-white listed address with a link to add the new ip to your whitelist

Which works great when the emails get sent out in a timely manner. I just waited nearly 10 minutes for an email to be sent. Those types of emails should be sent instantly instead of being done on a schedule of some sort.

Just did another test and that took 15 minutes to get the email.

Never had one take more than a minute myself (I think) try poking support.

[sweh]

waldo wrote: obs wrote: Not sure if you know about it but there is a white list by ip address you can set under the profile section of the linode manager, it will email you if you try and log in from a non-white listed address with a link to add the new ip to your whitelist

Which works great when the emails get sent out in a timely manner. I just waited nearly 10 minutes for an email to be sent. Those types of emails should be sent instantly instead of being done on a schedule of some sort.

Just did another test and that took 15 minutes to get the email.

Do you have grey-listing or other anti-spam features in place that might slow down incoming mail? I've always received this message in a timely manner.

[db3l]

I don't think it's just waldo... I tried one myself and it took a while (4-5 minutes). In looking at the headers, the first Date: and first Received: line (internally at Linode) were delayed from the timestamp in the bottom of the message by about 4 minutes. So definitely held up within Linode. At least in my case, after that first transmission, it made it the rest of the way to me in just a few seconds.

Can't say if it's a transient problem or actually a periodic processing of the white lists, though the former seems more likely as although I haven't used this notice a lot, I would have sworn the last time was faster.

-- David

[ldilley]

I also think it would be nice for Linode to offer an optional RSA token or something similar (like the mobile Battle.net authenticator) for an added layer of security.

Regards,
Lloyd D.

[Obsidian]

reaktor wrote: This would be great.

yubikey would be awesome,

I'd second this. A yubikey OTP as an optional second authentication factor would be quite welcome.

[Piki]

Perhaps a randomly selected secret question, similar to online banking. The user presets several questions, one displays at random. To make associating the answers to the questions, the question being asked could be scrambled slightly in CAPTCHA style to confuse spambots. To make it harder to guess by humanoids, some similar looking questions could be suggested.

[hybinet]

Piki wrote: Perhaps a randomly selected secret question, similar to online banking.
The problem with this approach is that anyone who knows a bit about the user's life history can easily guess the answers. Especially if the questions are about your hometown, favorite band, mom's maiden name, etc. These days, even strangers can figure out many of these things by looking at your Facebook. So although it's better than nothing, it's nowhere near as secure as a physical token like yubikey.