Welcome to the mailbox.org user forum!
 

2FA for Business

Marco.heinemann@useblocks.com shared this idea 13 months ago
Proposed

HI,

it looks like mailbox.org does not support 2FA / MFA for business. At least there are no options in setup.mailbox.org or in the user mailbox settings.


If that's true, when will this be available? It's pretty much a deciding factor for me.

In that regard, it would also be quite relevant to support app specific passwords for caldav/carddav/imap clients.


Thanks, Marco

Replies (5)

photo
3

Thank you very much for your inquiry. The integration of 2FA for our private customers has been an integral part of our services for several years.


Since additional security is equally vital for our business customers, we are going a step further and would like to make use of the latest technologies and additional layers of security in the near future.

Your mailbox.org team


We are already working on this feature. Unfortunately I can't give you a fixed date for the implementation as of right now.

photo
2

Are you working on 2FA AND app specific passwords as mentioned what Marco asks.

Or do you only mean 2FA? Really looking forward to app-specific passwords within mailbox.org

photo
photo
1

For Two-Factor authentication (2FA) for Mailbox.org Business, for Mailbox.org review, and decision, I suggest considering those three:
https://lemonldap-ng.org
https://www.shibboleth.net
https://www.keycloak.org
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

Below is the same suggestion as above. But with details if you're interested in those.

All 3 products listed above have strong security and strong privacy. Because they are open source :) My favorite is LemonLDAP-NG. Because, legally speaking, LemonLDAP-NG is owned and controlled by both you and a not-for-profit community. In comparison, Keycloak is, legally speaking, indirectly owned and controlled by the for-profit IBM. Shibboleth is my second favorite.
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

About LemonLDAP-NG

ae5bd7b7034851491900fb0c3df0cf09

Strength:
• LemonLDAP-NG is use as 2FA and MFA by many organizations. One high profile example is the "Document Foundation". Which facilitate the growth of the very popular LibreOffice. You can try LemonLDAP-NG for free at https://auth.documentfoundation.org
• Won OW2 awards:
___• OW2con'14 Community Award
___• OW2con'18 Community Award
• No license fees
• Optional Docker for faster and easier installation at https://github.com/LemonLDAPNG/lemonldap-ng-docker
• Free community support at https://lemonldap-ng.org/contact.html
• Libre Source (Open Source). If you are not familiar with "Libre Source", it means this software has both stronger security & stronger privacy. Because its code is publicly available for review and contributions at https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng or at https://github.com/LemonLDAPNG/lemonldap-ng
• Attractive GNU General Public License version 2. This means the software code of this extension is owned and supported by a friendly not-for-profit community. Instead of a for-profit corporation. https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/v2.0/LICENSE
• The main strength of LemonLDAP-NG it that it is owned by a friendly not-for-profit community. Not by a for-profit corporation. Legally speaking, this means that LemonLDAP-NG is directly CONTROLLED by both YOU and its friendly community. Also, not-for profit organization are more likely to value people above money. In comparison, most other Two-Factor Authentication options are owned and controlled by a for-profit organization. Which risk to value money above people.
___• Source about LemonLDAP-NG owned by a friendly not-for-profit community:
______• https://lemonldap-ng.org/team.html
____________• https://archive.ph/7B9Sd
• Easier user interface. With lots of features.
• Many additional features to 2FA and MFA. Such as, but not limited to:
___• SSO
___• OpenID Connect
___• CAS
___• SAML
• User interface adapted for System Administrators
• France Connect certified
• FusionIAM project member

Show Your Support:
• If you enjoy this application, show your support to the authors & contributors with:
___• Join mailing list at https://lemonldap-ng.org/contact.html
___• Contribute to documentation at https://lemonldap-ng.org/documentation/latest/
___• Patch at https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng

Note:

• Docker container repository at https://github.com/LemonLDAPNG/lemonldap-ng-docker
• Screenshots at https://lemonldap-ng.org/screenshots
• Download at https://lemonldap-ng.org/download
• Homepage at https://lemonldap-ng.org
• Support and social media at https://lemonldap-ng.org/contact.html
• Comparison between LemonLDAP-NG and Keycloak. Available in French only at:
___• https://www.worteks.com/assets/support-conference/2022/Presentation-OpensourceExperience-2022-Keycloak-vs-LemonLDAP.pdf
___• https://web.archive.org/web/20230504010955/https://www.worteks.com/assets/support-conference/2022/Presentation-OpensourceExperience-2022-Keycloak-vs-LemonLDAP.pdf

More screenshots of LemonLDAP-NG

b695e5c47b69b4cbb578e4bef10dde6a

5b5d63f0248372ff0085a1f2854cc65d
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

If needed, both me and the Ubertus.org team would be happy to contribute testing and documentation for 2FA. Whatever which option Mailbox.org chooses.

photo
4

Hello all two-factor authentication enthusiasts :)

We received this status update from the Mailbox.org team on May 5th, 2023: "As to 2FA for business customers we are currently working on an implementation with Keycloak"

--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

Below is the same message as above. But with details if you're interested in those.

They do not have an estimated time of delivery (ETA)

For those not familiar with Keycloak, it is "an open source software product to allow single sign-on with identity and access management aimed at modern applications and services."

763?token=52e41da97732e83d57bd9614388d41a1

Website https://www.keycloak.org

Video with screenshot https://www.youtube.com/watch?v=RzxzY1dluvo

Video backend https://www.youtube.com/watch?v=K7mjE58hl4I

Video French https://www.youtube.com/watch?v=AxYKRBT9JDw

Source repository https://github.com/keycloak/keycloak

Wikipedia article https://en.wikipedia.org/wiki/Keycloak

photo
4

Thanks for the update Francewho!

Leave a Comment
 
Attach a file