Expand 2FA options: Yubikey, WebAuthn (FIDO, FIDO2, U2F), also HOTP counter-code for existing Google Authenticator
Add two-factor-auth for YubiKey.
Thank you for your input. We will explore the possibility of implementing YubiKey in upcoming releases.
Need this really urgent!
Coming up on NINE YEARS later and we're still stuck with only mediocre totp-based security.
+1 WebAuthn (FIDO, FIDO2, U2F) please
Continually get this even though three other identical installs work with no issues.
7 years later.... would be great to see it
Almost 3 years have passed since I created this suggestion. No single update. Not even the Yubikey suggestion has been merged into this one. Not being able to have proper 2FA at such an important interface is just ridiculous. I'll wait until the end of this year, then me and my clients will leave Plesk. There are way too many important suggestions which are ignored.
Sebastian Busch commented
i have the 2 step authentication active on plesk login but it only provide support for google authenticator. and plesk is the only website i have in google authenticator so i have to keep the app just for plesk. Please add support for apple also where we can setup 2step authentication with setup key in keychain passwords or any other app easily with relying on google. thanks
So far there is no proper security! No 2FA for service accounts, no FIDO or DUO or anything, Guys it's the end of 2021 with tons of cyber attacks and we still have no proper security in place.
Also, I have voted and sent emails to support, to forums and it's been just 4 years!
Fabio Perri commented
+1 for me !
I'd love to see U2F supported!
Hotte Smann commented
This should be quite easy! FIDO2 ;-)
Waiting to use my Fido2 Keys with WebAuthn two-factor-authentication
Yes, FIDO2, passwordless should be implement for security
What about the development? Is there already an approximate date when the function will come?
sh*tty copypasted answer commented
@Cornelius Berger what do you think? that they even give a f*k about you or that they even care?
I've been a Plesk user for almost 7 years now, I've submitted a number of bugs that's possibly more than the number of grain of sand there are in this planet, and the Plesk team answer was always "we don't give a sh*t about you, and we're proving this by copypasting the same sh*tty answer over and over, when it's clear we don't even care to know what your idea is or even what's your name".
abandon the idea of having anything you like integrated in Plesk; they don't care af, they just want your money.
or simply completely abandon Plesk, you would be better off... unfortunately I need it because I don't have the time of manually managing Nginx files, and my customers are used to the stupid Plesk "slick ui" that no sysadmin gives a sh*t about, yet they continue to improve that instead of "real" and requested features! (cit. Plesk Obsidian, Onyx was good looking enough, and Obsidian is as secure as Onyx, two piece of sh*t equally the same)
This is why plesk is secondary to WHM... it's been SIX years for this feature that should've been included in the next update. Seriously, it's not hard, and its the year 2020. U2F authentication is STANDARD, countless services use it. There's no excuse at this point other than laziness or incompetence.
Alexandre Féron commented
System time is one thing on the OS. It should remain free to be set to whatever Timezone the System Administrator need it.
Having Plesk requesting to change System Time or my device Timezone is absolutely not acceptable.
- Imagine all software ask the same ?
- And what if I travel and my device change Timezone ?
Plesk should avoid imposing to set System Time to have Google Authenticator Working.
Plesk team must improve its implementation of Google Authenticator.