Would be awesome to have some form of multi-factor authentication in front of the /ghost admin login. Lack of MFA + rate limiting makes it highly susceptible to brute force. Anyone know of any workarounds?
Has had login rate limiting from day one. MFA is a valid request though. The main concern is figuring out how to do it decentralised rather than centralised, which tends to be a little harder / less user friendly.
Def possible though
Touchè I made a bad assumption…
Thanks for a great platform.
Is something like
libpam-google-authenticator feasible for this?