When setting up the Roundcube Webmail client, make sure that all the basic security rules have been taken into account: the connection between Roundcube and the mail server is protected with an SSL certificate, email encryption is set up, and 2-factor authentication plugin for Roundcube Webmail security is built in. With Protectimus Roundcube OTP Plugin adding two-factor authentication to Roundcube will be done in just a few clicks.
Most services use email for changing passwords and restoring access to accounts. That means that reliable email access protection — and in this case, that means Roundcube authentication security — is fundamental to IT security in general. Even if you use a secure password, that password could be intercepted by a keylogger, brute-forced, or obtained using phishing or social engineering. Two-factor authentication adds an extra level of Roundcube brute force protection — one-time passwords are valid for 30 to 60 seconds. They can’t be guessed or collected, and they’re difficult or impossible to intercept.
Two-factor authentication protects Roundcube from keyloggers and brute-force attacks. It also guards against phishing and social engineering attacks, and data signing functionality protects against man-in-the-middle attacks. Roundcube just can’t be secure without a verified multi-factor authentication plugin for Roundcube. The Roundcube MFA plugin from Protectimus lets you configure multifactor authentication for Roundcube in just a few minutes. Features available in Protectimus’s solution include geographic and time-based filters, self-service, CWYS data signing, user environment analysis, and a broad assortment of 2FA tokens to choose from.
The Protectimus multi-factor authentication plugin for roundcube supports hardware OTP tokens with hard-coded secret keys, the reflashable Protectimus Slim NFC hardware token, the Protectimus Smart 2FA app for iOS and Android, email, and SMS authentication. Roundcube two-factor authentication methods also include delivery of one-time passwords over Telegram, Viber, and Facebook Messenger. Hardware tokens are the most reliable OTP tokens. These tokens cannot be infected by viruses, and intercepting one-time passwords is impossible. Messaging service chatbots are both convenient and secure; however, we don’t recommend SMS-based authentication.
To begin setting up two-factor authentication for the Roundcube client, download the Protectimus 2FA plugin for Roundcube from GitHub and install it. For adding two-factor authentication to Roundcube find plugin setup instructions on the official plugin repository for Roundcube Webmail. After installing the Roundcube 2-factor authentication plugin, register with the Protectimus service, and create a resource, user, and token. Assign the user and token to the resource.