Hi guys,
sorry, I'm a newbie.
For a few weeks now my installation of HA has been running well. Step by step it's going forward.
Now I'm on the topic of installing MFA.
It was possible to install this, but my question now is whether it's still possible to log in without a token?
I already have the Authenticator running on my phone; I also need this for my company's VPN login.
At my company, when I log in to the VPN I receive a push message from the authenticator and I only need to confirm the login with my Face ID and confirm it.
Is it also possible with HA to log in the same way?
Thanks,
I hope you get what I mean.
Hi,
If you enable TOTP (the time-based 6 digits that change), then you need to use TOTP MFA for every new login for that account.
Once logged in and authenticated, HA stays logged in, so you don’t need TOTP very often. You can use biometrics to unlock the HA app just like the corporate VPN client.
Push notifications from HA need both the HA app to be logged in, and also a communications path (e.g. Nabu Casa’s service, VPN, Tailscale, WireGuard, etc).
As push messages need you to be logged in, they aren’t useful to log in!
Some software uses push messages as an extra check, possibly via a less secure channel (e.g. logged in previously so connected to a corporate server, but not trusted until you confirm something). HA doesn’t do this as you would need a server connection all the time to send the push message.
SMS is not a good secure multi-factor although it is widely used to send one-time passcodes for MFA.
For more detail, the dev docs describe authentication, but that gets deep quickly…
(was looking to see if HA supported other auth providers like OAuth 2.0, and it seems possible but not yet implemented)
If this helps,
this post!
1 Like
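How the 6-digit TOTP code mentioned in the answer above is derived and checked, as an added example that is not part of the thread and is not Home Assistant's code: phone and server each compute the code from a shared secret and the clock (RFC 6238), so no push channel or permanent server connection is involved. The 30-second step, SHA-1, the ±1-step drift window and the replay check are assumptions of this sketch; the secret is the published RFC test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (assumed, the usual authenticator-app default)
DIGITS = 6   # code length

# Constructed sample secret: the RFC 4226/6238 test key, base32-encoded the
# way an enrolment QR code would carry it. Never use it for a real account.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32: str, unix_time: float) -> str:
    """Return the code for the 30-second step containing unix_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = int(unix_time) // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, submitted, unix_time, window=1, last_used_step=None):
    """Server-side check. Returns the matching time step, or None.

    window         -- steps of clock drift tolerated on either side
    last_used_step -- step of the last accepted code; codes from that step or
                      earlier are rejected so a captured code cannot be replayed
    """
    now_step = int(unix_time) // STEP
    for step in range(now_step - window, now_step + window + 1):
        if last_used_step is not None and step <= last_used_step:
            continue
        expected = totp(secret_b32, step * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return step
    return None


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)
    print("code at t=59:", code)
    print("accepted 30 s later:", verify(SAMPLE_SECRET, code, 89))
    print("replayed:", verify(SAMPLE_SECRET, code, 89, last_used_step=1))
    print("two minutes later:", verify(SAMPLE_SECRET, code, 179))
```

The server should store the returned step per user and pass it back as `last_used_step` on the next login attempt.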