Has there been any update to MFA to access groov manage? This would be a game changer in terms of automation security as I have not seen many industrial devices use multi-factor authentication.
TOTP (time-based one-time password) would be good (like Google Authenticator), and won’t need to rely on any other service. Hard part would be deciding how to handle a lost authenticator app - could be completely locked out if not having a way to “reset” that is secure.
One of the challenges we have with MFA is that more of our customers are using our groov products on networks that don’t have a gateway to the internet than do.
Running an MFA server/system on a local LAN is not trivial.
We are still in the investigation phase of this feature request.
TOTP is made for that purpose - no internet connection required - just need the time set correctly.
Yeah, but being locked out because NTP isn’t working is a non-starter. HOTP might actually be the safer option.
Either way, there would need to be a way to get back in without the additional authentication without resorting to holding the reset button.
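The clock dependence discussed in the posts above, as an added example that is not part of the original thread: a standard-library Python sketch of HOTP (RFC 4226) and TOTP (RFC 6238) showing that a TOTP verifier rejects a valid code once its own clock drifts past the accepted window, while an HOTP verifier depends only on a stored counter. The secret is the RFC test value, and the timestamp, skew window and look-ahead size are constructed assumptions, not groov settings.

```python
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"  # RFC 4226 test secret, not a real credential
STEP = 30  # TOTP time step in seconds (RFC 6238 default)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // STEP)


def verify_totp(secret, code, device_time, skew_steps=1):
    """Accept codes for the device's current time step +/- skew_steps."""
    now = device_time // STEP
    return any(hmac.compare_digest(hotp(secret, c), code)
               for c in range(max(0, now - skew_steps), now + skew_steps + 1))


def verify_hotp(secret, code, stored_counter, look_ahead=5):
    """Return the next counter to store on success, else None. No clock involved."""
    for c in range(stored_counter, stored_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), code):
            return c + 1  # advancing the counter also rejects replayed codes
    return None


def drift_demo(drift_seconds: int) -> dict:
    """Authenticator clock is correct; the device clock is off by drift_seconds."""
    phone_time = 1_700_000_000  # constructed timestamp
    code = totp(SECRET, phone_time)
    return {
        "totp_ok": verify_totp(SECRET, code, phone_time + drift_seconds),
        # Token is at counter 7, device last stored 5: still inside look-ahead.
        "hotp_next_counter": verify_hotp(SECRET, hotp(SECRET, 7), stored_counter=5),
    }


if __name__ == "__main__":
    for drift in (0, 20, 600):
        print(drift, drift_demo(drift))
```

HOTP trades the clock dependency for counter state: the device must persist the counter, and a token advanced past the look-ahead window needs a resynchronization step.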
I would say that is an option that the end user can decide to use or not use. If I want to have my Groov Epic connected to the larger internet over one of the ports for MFA authentication, then I should have that option. If I choose to not leverage that, and want the EPIC air-gapped and offline, then that’s another option. But at least I had a choice.
Currently, Groov Manage does not have forced password complexity or any way to MFA users, so if one of my users has a password “password”, they can access groov manage, albeit with restrictions due to the security zones. Restrictions like this have never stopped bad actors though, so while I have not heard of Groov Manage as an attack vector, it doesn’t mean that it’s not possible. I’d much rather take the chance with the two-factor authentication, connected online, than “airgapped” and no complexity or MFA. But that’s just my opinion.