I believe that two factor authenticator is needed especially in something as plex where someone can delete your library and or gain access to sensitive picture (picture of your kids and family or such) if the password is compromised in some way,
There are two possible implementation:
1: Authentication via email, By accessing from an unknown device and or network you get an email with a link inside to ‘‘authorise’’ this new address,
2: (Preferred) Use of a classical TOTP via software (e,g google authenticator or similar)
Out of interest, how would this work for family who log into the server from a location not in the home, lets say at college.
Would you just have them log in once, and they wouldn’t need to relog in, or maybe, additional phone number(s) is associated with a particular device, so that the text for that is device is sent to that phone, once it was authorised.
It is merely a thought to map the whole thing out, for a wide range of circumstances.
@Skar said:
Out of interest, how would this work for family who log into the server from a location not in the home, lets say at college.
Would you just have them log in once, and they wouldn’t need to relog in, or maybe, additional phone number(s) is associated with a particular device, so that the text for that is device is sent to that phone, once it was authorised.
It is merely a thought to map the whole thing out, for a wide range of circumstances.
Neither the less, I like the idea.
You usually invite external account and not share the administrator password, additionally you could always share the private key of you TOTP even if I suggest you to not.
Also the one time password should be requested only on unknown device or new log-in and not every time you access the server or media
