Two factor authentication?

Could I please ask people how they go about forcing two factor authentication for users?

I have found users tend to sharing logins otherwise.

Looking at Ghost for a project but wonder about this aspect?

Thank you

It’s not supported at the moment, nor is OAuth that would allow authentication through a third party that does support 2FA. It has been discussed before though.

How about now?

1 Like

Just came across this post as I set up my first Ghost instance.

It is 2021 and MFA via TOTP would be really a great feature. And it is really an accepted and widely available standard these days.

#MFANow

1 Like

Stumbled upon Multi-factor authentication before reading this post.

I totally agree with @HachimanSec about TOTP being a great decentralized multi-factor authentication option that Ghost could implement.

1 Like

I’d just chuck Cloudflare Zero trust policies in front of it for now using their free teams access offering to get an email OTP to login.

I wrote about doing this, this month - under the section: Protect Ghost Admin Login with Cloudflare Teams