Multi-factor authentication


Would be awesome to have some form of multi-factor authentication in front of the /ghost admin login. Lack of MFA + rate limiting makes it highly susceptible to brute force. Anyone know of any workarounds?


Ghost has configurable brute-force prevention already!


Has had login rate limiting from day one. MFA is a valid request though. The main concern is figuring out how to do it decentralised rather than centralised, which tends to be a little harder / less user friendly.

Def possible though


Touchè :slight_smile: I made a bad assumption…


Thanks for a great platform.


Is something like libpam-google-authenticator feasible for this?


Any update here? I would love this feature!