Add YubiKey Support for Two-Factor Authentication on Firewalla
Hi everyone, wouldn't it be fantastic if Firewalla could support YubiKeys for two-factor authentication? It would give our networks an even stronger layer of security and make it much harder for attackers to break in. I think it would be a great addition for anyone wanting to make their routers even more fortress-like!
-
I actually meant regular app or account access, not MSP.
Even though access is protected by the phone, adding hardware-based two-factor authentication (like a YubiKey with FIDO2/U2F) would provide a significant extra security layer.If a phone gets compromised, intercepted, or a password manager is breached, a physical security key ensures that access still requires something only the legitimate user possesses.
That’s the real value — it makes remote compromise practically impossible without physical access to the YubiKey. -
For an attacker to gain access to your firewalla app, wouldn't that require the attacker to have physical access to your phone on which the firewalla is already installed?
If I ever lose my phone, the first thing I'm doing is removing it's firewalla access privileges from my backup phone with the firewalla app.
I can see the utility of a yubikey for MSP access.
For the firewalla phone app, I think a strong phone lock password is more reasonable because if someone is able to steal and break into my phone, they not only have access to my firewalla app but also my email accounts, banking apps etc.A case can be made that an attacker can remove your other phone's access to the firewalla app and change all your wifi passwords. I still dont see myself using the Yubikey as I access the app about 50 times a day but a fingerprint lock, pincode etc seems reasonable ; with Yubikey protection for MSP
Please sign in to leave a comment.
Comments
12 comments