WebFaction

Hi, I'd like to team up with another developer to create a web app using a new webfaction account. However, currently I don't see a way to manage our access to the control panel for both of us (SSH/SFTP access management seems to be fine and flexible from the control panel).

We want both of us to be able to access the control panel, so there won't be a problem if for example one of us gets ill or is somehow temporarily unable to work, and also it's important we both get familiar with how the webfaction control panel works for work efficiency purposes (not good if only 1 of us knows how to edit the domains, review invoices, etc). But since the control panel is currently restricted to only 1 login credential, the first thought was that we share the password. However, this decreases our security because:

1) sharing a password is not the best idea because it can get intercepted depending on the sharing method and accountability also decreases,

and 2) we, of course, want the best security possible so we want to have the 2-step verification enabled for the control panel login. This cannot be done if we share a password since the authenticator app will be available on the personal device of only one of us, so the other without the authenticator app won't be able to log in.

What would you recommend us to do in our scenario given the current features of webfaction?

In addition to that, I take this as an opportunity to suggest one of the following solutions to be implemented:

1) The easier one (when compared to the other), would be to continue using a single username/password for accessing the control panel, BUT allow adding more than 1 credential for the 2-step verification. This is how other critical online services that we use do it.

Basically this means that you can set up the authenticator app on more than 1 device, so people sharing a control panel password would each have their own authenticator app on their device and their own set of backup codes each. So even if the password gets stolen, a third party won't be able to log in without the 2-step verification code.

or 2) Perhaps more difficult to implement, but a more secure solution I think, would be to allow the creation of an extra control panel login credential, which includes a different set of: username, password and 2-step verification setup. These extra login credentials would internally be just that, without holding extra content or information but just used to allow logging in to the main control panel account. No permission management required, as after login it would be the same main account with access to everything.

Thank you!

asked 06 Dec, 17:57

teks
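Suggestion 1 in the question above (one shared password, a separate authenticator enrollment per person) sketched as an added example; it is not WebFaction code and not part of the original post. `SharedLogin`, the device labels and the secrets are hypothetical and constructed for illustration; TOTP follows RFC 6238 with HMAC-SHA1.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for one time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SharedLogin:
    """Hypothetical account: one password, one TOTP secret per enrolled device."""

    def __init__(self):
        self.devices = {}  # label -> [secret, last accepted counter]

    def enroll(self, label: str, secret: bytes) -> None:
        self.devices[label] = [secret, -1]

    def revoke(self, label: str) -> None:
        self.devices.pop(label, None)

    def verify(self, code: str, now: float, step: int = 30, window: int = 1):
        """Return the label of the device that produced `code`, else None."""
        current = int(now) // step
        matched = None
        for label, entry in self.devices.items():  # check every device each time
            secret, last = entry
            for counter in range(max(0, current - window), current + window + 1):
                ok = hmac.compare_digest(totp(secret, counter), code)
                if ok and counter > last and matched is None:
                    entry[1] = counter  # each code is single-use per device
                    matched = label
        return matched


if __name__ == "__main__":
    account = SharedLogin()
    # Constructed secrets; real ones come from a CSPRNG at enrollment.
    account.enroll("dev-a-phone", b"12345678901234567890")
    account.enroll("dev-b-phone", b"constructed-secret-B")
    now = 59  # constructed timestamp
    code = totp(b"12345678901234567890", now // 30)
    print(account.verify(code, now))  # label of the device that logged in
    print(account.verify(code, now))  # replay of the same code is rejected
    account.revoke("dev-b-phone")     # lost phone: the other device is unaffected
```

Because `verify` returns the label of the matching device, a login log can record which person's authenticator was used even though the password is shared.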


Thanks for the feedback.

We understand your concerns in regards to sharing one login for the control panel among many users. But at this time, the configuration you suggest is not possible beyond simply sharing credentials for access. We do take feature requests so I have raised this internally as one.


answered 06 Dec, 21:27

NickR ♦♦

question asked: 06 Dec, 17:57

question was seen: 61 times

last updated: 06 Dec, 21:27