  • Anoop K V

    11 months ago
    Hi there. During the security review of Fleet, I need to provide the details below. Can someone help here?
    1: The Admin password is stored securely and in an encrypted manner in the DB?
    2: Will there be multi-factor authentication support?
    3: How many admin user accounts are supported?
    4: When do the cookies get timed out and flushed? (I haven't re-logged in in quite some time.)
  • zwass

    11 months ago
    https://github.com/fleetdm/fleet/blob/main/docs/1-Using-Fleet/7-Security-best-practices.md has answers to many of those questions
    Unlimited admin accounts
    If you need MFA, use SSO that enforces the MFA.
  • allister

    11 months ago
    Pardon jumping on to this thread, but… the nice thing about local accounts having MFA is to satisfy/check the box of security access controls that say use separate read only and r/w accounts
  • zwass

    11 months ago
    If folks are keen on that, please feel free to file an issue so that we can keep it in mind when planning.
  • Anoop K V

    11 months ago
    I got most of the details for my queries from the above link. It has information on session timeouts and all. But it does not convey explicit information on cookies and their expiry. Is that the same as well?