Multi-factor authentication


#1

Would be awesome to have some form of multi-factor authentication in front of the /ghost admin login. Lack of MFA + rate limiting makes it highly susceptible to brute force. Anyone know of any workarounds?


#2

Ghost has configurable brute-force prevention already!


#3

Has had login rate limiting from day one. MFA is a valid request though. The main concern is figuring out how to do it decentralised rather than centralised, which tends to be a little harder / less user friendly.

Def possible though


#4

Touchè :slight_smile: I made a bad assumption…

:+1:

Thanks for a great platform.


#5

Is something like libpam-google-authenticator feasible for this?


#6

Any update here? I would love this feature!