2FA on local devices worth the hassle?

Question for you all. I do not have 2FA enabled on things like TrueNAS. Is it honestly worth the hassle?

I do however have my network quite well segmented, with all IoT stuff on its own VLANs, etc. And the credentials for TrueNAS are a 50-character randomly generated password.

I am tempted to enable it, but then would it actually gain me anything anyway? What are your thoughts?

Safety is often a big inconvenience.

What do you want to achieve here? Want to further secure the user login process? Ok, but do we actually increase security here…
Is the machine exposed to the world? Does anyone other than you have access to the machine? If both are “no”, then it doesn’t make sense. imho

You can turn it on to feel better. In some extremely bizarre scenario, it might come in handy.
Someone will steal the server… I would be more worried about disk encryption and data encryption when the server is up than 2FA which doesn’t change much here.

In general, you can enable 2FA for good practice, but it will be hard to justify this in a local machine model without third party access. For a desktop it would make sense to get into the OS but on a local server… possibly instead of a password for convenience.

For a desktop it would make sense to get into the OS but on a local server… possibly instead of a password for convenience.

Replace the password with a key and for convenience when logging in, there is no need to manually enter a password or even open a password manager. But as a second level of security hmm…

:wink:

Also, what is your threat vector?

If you are storing raw files of a public broadcast church group, no.

If you have super proprietary data critical to your business, and the neighbor may steal your secret recipe for coca-cola unspecified drink
Then yes?

I don’t, but a lot of my data is not even encrypted at rest, so a bunch could literally be accessed with just a live USB.

Your threat model is your own.

2FA seems extreme for a home network, but once set up, like a hardware token and PIN, could be quicker and easier once set up, to actually use, rather than a passphrase every time you come or leave the room.