Add software/service category
Closed this issue · 5 comments
Hi,
as I understand the project is dedicated to list popular websites which provide (or should provide) 2FA. Maybe it would be interesting to add an own category like "software" to list software which provides 2FA. For example nextcloud is a data sync suite (like Google Drive, dropbox etc.) which provides 2FA (via plugin) for your private/company installation. 2FA for Atlassian's Jira is possible via third party module etc.
What do you think?
Kind regards,
drohhyn
Hello drohhyn,
We used to list 2FA providers but because of all the sales bs the companies used we don’t do this anymore.
Furthermore we don’t list self-hosted services such as ownCloud and nextCloud.
As for third party systems we only list the site’s native authentication system.
Sorry I couldn’t be of any more help!
//Carl
Thanks for your comment. I fully understand the reasons, also it is sad that it was not suitable for this awesome project.
Furthermore we don’t list self-hosted services such as ownCloud and nextCloud.
i see this statement but it's not clear to me how it is related to the Contributing guidelines, as ownCloud and nextCloud (as examples) clearly fit into Data in the site criteria.
it sounds like you are opposed to listing 3rd party 2FA plugins which is understandable, but including software that comes with 2FA natively seems to fit well within twofactorauth's aim.
If the issue is that they can be self-hosted, there are obviously many providers willing to receive user money to host it for the user. so i don't see that as a strong argument.
i'd like to be able to link folks to twofactorauth so they can have a more complete sense of the software ecosystem for a given need, but not having the FOSS options there makes it much less useful than it could be.
If we will be listing self-hosted providers with builtin 2fa, there will be questions why preferential treatment is given to such projects, but not the ones that decided to outsource authentication to external modules or sources.
This is also similar why we don't list sites which use federated authentication.
If you have a suggestion how we can list such entries where there can be cases of mutually exclusive authentication methods and all the other nuances that arise from that, please do share with us.
If we will be listing self-hosted providers with builtin 2fa, there will be questions why preferential treatment is given to such projects, but not the ones that decided to outsource authentication to external modules or sources.
it's not preferential treatment, it's just about clearly communicating project decisions. so it could be a project decision to only list providers that have built-in 2FA, due to issues around compatibility, maintenance, and promotion of 3rd party modules.
The other option is to list all the companies you can pay to host NextCloud instances for you (as an example), which doesn't make much sense.
This is also similar why we don't list sites which use federated authentication.
the project could communicate these are considered 3rd party 2FA modules and won't be listed for the above reasons. or the federated authentications mechanisms themselves could be listed (since they have different U2F features). I think this is a separate conversation though.