Implement 2-factor authentication for Cloud dashboard access from WAN

The fact that this is not even being taken into consideration is appalling.

I’m wondering whether, as a stop gap fix, it would be acceptable to implement something as the following:

  • enable (local) SSH access
  • write a script run via cron every 30 seconds that:
    • generates a strong random password
    • stores it in a temp file
    • encrypts the file with AES encryption with a locally known key via aescrypt.com
    • stores the file into a configurable share that the admin user has read access to, so accessible from remote by a mobile device
    • resets the admin password to the generated password
  • install the aescrypt.com mobile app to read the encrypted file and get the generated password

A bit of a hack, but I may be willing to work on this if there are no strong security concerns.