Experimenting with TOTP Two Factor Authentication
We’re currently experimenting with an implementation of TOTP-based 2 factor authentication, allowing our customers to use a second factor.
Until now, Kolab Now required its users to supply a username and a password. This is considered only a single factor, since the username is your email address and thus known to third parties.
User accounts could, in the near future, be configured such as to require a second factor; if the password to the account is something you know, then a second factor is something you have — in our case, a smartphone with an app.
It comes with a few connotations; only the web client supports 2-factor authentication (2FA). User accounts that are configured to require a second factor will therefore be blocked at the IMAP, POP, ActiveSync, CalDAV, CardDAV and WebDAV level. In other words, a 2FA account can only use the web client.
Stay tuned for updates on the implementation timeline, where we implement this new functionality in production.