Multi-factor authentication (MFA) for openmediavault web console

  • Dearest OMV team,

    I was looking to info on enabling MFA on the OMV web console and came across this thread (Multi-factor Authentication for the Web Admin Console) from last year which stated that the team didn't believe MFA is necessary since the console should not be internet facing. This logic doesn't hold up compared to the number of businesses who protect their internal privileged accounts, backups, and access to sensitive data such as cardholder data in PCI environments with MFA. Single-factor passwords are not enough to protect against GPU farms brute-forcing 20 character passwords. Additionally, it is standard operating procedure for threat-actors looking to deploy ransomware to target and destroy internal/not public-facing backups prior to infection to ensure the victims pay the ransom.

    I would greatly appreciate if the OMV team reconsidered this. I personally have authy synced with pam/google-authenticator library for ssh access to all of my internal linux systems that will never see the public internet.

    Thank you for you great work.


  • Att. the OMV team

    I would also address my thanks for a great product - and then I would like to support CB in his request for reconsidering :)

    In my use-case the OMV is used in order to protect data via "rsnapshot" - The OMV is placed in a seperate isolated VLAN, access to data is done from the OMV to the backuppoints on "normal" VLAN with Internet Access. By nature the VLAN with Internet access is vulnerable to eg. ransomware attacks, but at the same time the ssh and webgui needs to be accessed from this... therefore an MFA solution would be great in order to protect the OMV from attacks from the inside.

    As Robert S. Mueller, the former Director of the FBI once said... "There are only two types of companies (persons :) ) - Those who have been hacked and those that will be hacked.”

    Best regards


Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!