Hi Oliver,
thank you for your feedback. We do offer OTP/MFA support on documents hosted by Royal Server. For standalone documents on the filesystem, we do not have short or mid-term plans to integrate this feature. I'll leave this thread open for others to chime in and upvote your idea though.
Regards,
Stefan
I need to correct myself: MFA OTP is not feasible with a simple file (as there is no time service), but, like KeePassXC, using additional encryptors like YubiKey challenge/response and a signature file should probably be feasible to implement quite easily.
We do not trust any running service storing credentials, as such services are mostly subject to exploits sooner or later…
Best regards,
As mentioned before, we currently have no plans to integrate more deeply with YubiKey or similar on a file level.
As for your last statement: not sure I understand. Royal Server is not storing any credentials. Authentication/authorization is provided by Active Directory or NTLM (local user accounts). Only the TOTP challenge is performed by Royal Server when accessing a document.
Oliver Pergler
RoyalTS allows storing credentials. The new 7.03 even allows saving OTP secrets, which undermines critical security MFA intentions.
We already suggested a couple of times to encrypt RoyalTS documents not only with a simple master password, but also with YubiKey OTP challenge/response and/or OTP token, basically the same way as KeePassXC encrypts databases.
This would mitigate making RoyalTS documents a juicy target for attackers.
Thank you!
Oliver