I’ve just tested client-side cert + YubiKey U2F on a small test install of OpenEMR. I am very impressed with how it works. My question is, what else security-wise is there to worry about?
Hackers would need the client-side cert to access the OpenEMR webapp + a YubiKey + know the username and password… How likely are we looking at compromised access to OpenEMR webapp in this scenario? Without the client-side cert, how could a hacker get the OpenEMR login site to appear?
I’m just amazed at the direction this project has moved in. Using 2FA is a game changer!