Zammad’s vision for the future is to become the most used helpdesk tool in the world, creating a customer service environment where support is enjoyable for everyone involved - customers, agents, companies and IT teams. Where there is a vision, there is also a path, but also hurdles to overcome. In our digital age, one of the most prevalent challenges we face is data theft, and it is crucial for Zammad to stay one step ahead of these malicious operators. That is why the implementation of two-factor authentication (2FA) is one of our top priorities for the next release.
With 2FA, we want to further strengthen the security of Zammad accounts by introducing an additional layer of verification beyond the password. It requires two different types of authentication factors, typically something the user knows (like a password) and something the user has (like a mobile device or security token). This ensures that only authorized people can access the account and that your data is protected in the best possible way.
We would like to hear your opinion on 2FA. Which second factor would you personally prefer? Please take a vote and/or leave a comment.
- Authenticator app
- WebAuthn
- SMS
- Others (please comment below)
Short explanation of the choices:
- Authenticator app such as Google Authenticator or Authy: the app generates a unique one-time password which enables 2FA for the user’s account.
- WebAuthn: a Web Authentication API which supports e.g. hardware tokens like YubiKey.
- SMS: an SMS is sent out to the user which contains a one-time password.
- Email: an email with a one-time password that expires after a certain amount of time is sent out to the email address stored in the user record.