MFA Configuration

When configuring Multi-Factor Authentication (MFA) features, especially in systems that involve user authentication and data protection, encryption and salting mechanisms are critical. Two environment values are required: a secret and a salt. Both work in tandem to maintain the integrity, confidentiality, and robustness of the MFA feature, ensuring that users’ authentication processes are both secure and trustworthy.

• CYBUS_MFA_ENCRYPTION_SECRET: the key for encrypting

• CYBUS_MFA_ENCRYPTION_SALT: the salt as extra layer of randomness

Note

Kepp in mind that the combination of CYBUS_MFA_ENCRYPTION_SECRET and CYBUS_MFA_ENCRYPTION_SALT ensures the cryptographic robustness of 2FA tokens, making them both safe and distinct. If these values are compromised, it would expose the system to potential unauthorized access and breaches. By modifying these values, previously generated 2FA secrets became undecipherable. As a consequence, users with 2FA enabled would be unable to log in anymore.

Example configuration:

CYBUS_MFA_ENCRYPTION_SECRET=18473274-5073-11ee-be56-0242ac120002
CYBUS_MFA_ENCRYPTION_SALT=229c75c2-5073-11ee-be56-0242ac120002