I’m considering adding a little bit of transparency to how, and perhaps how well, Kolab Now infrastructure is run, or is running.
As we recently announced, we have pursued an opt-in second factor authentication feature on Kolab Now. As described, the implementation is limiting users to the web client, and this requires some reconfiguration of various servers and services.
We’re currently experimenting with an implementation of TOTP-based 2 factor authentication, allowing our customers to use a second factor.
Until now, Kolab Now required its users to supply a username and a password. This is considered only a single factor, since the username is your email address and thus known to third parties.