nodemailer/wildduck
1
1
Fork 0
mirror of https://github.com/nodemailer/wildduck.git synced 2024-12-27 02:10:52 +08:00
Code Issues Projects Releases Packages Wiki Activity

Updated Security implementation (markdown)

Andris Reinman 2017-08-07 16:45:53 +03:00
parent 43bfdb35e3
commit c5bcb5326f
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Security-implementation.md

@ -4,7 +4,7 @@ User password is hashed with bcrypt, using 12 rounds. Password is stored in the
## 2FA
Wild Duck generates TOTP seed tokens. These are encrypted (aes192) on storage with an application configured master password. Encrypted TOTP seed is stored in the user entry in the users database.
Wild Duck generates random TOTP seed tokens. These are encrypted (aes192) on storage with an application configured master password. Encrypted TOTP seed is stored in the user entry in the users database.
If 2FA is enabled then account password can only be used for the "master" scope but not for IMAP, POP3 or SMTP. In these cases the user must generate an Application Specific Password for the required scope(s).