This does not exist in DA. It's not Apple. Apple is requiring application passwords if you're not using an Apple device for example for your mail.- generate application-password for non-interactive (e.g. Outlook / SMTP) mail access
DA does not have something like that, neither does any other panel.- enable 2FA for email logon via e.g. roundcube for dialog logon
for now I've implemented https://packagist.org/packages/alexandregz/twofactor_gauthenticator
but I need also an option to generate application-password for non-interactive (e.g. Outlook / SMTP) mail access
One of the major problem tho that will continue to happen is that, and become worst with time, is that if we do not find a proper way to integrate 2FA with exim and dovecot, even if that mean to use an add-on in outlook or thunderbird, is that business and enterprise will continue to exile to security compliant provider such as Microsoft or Google, who offer the 2FA, mainly because the compliance audit and technological insurances do start to require it or it is considered a risk.
And let be honest, while Roundcube is all cute and everything, it is clearly not a professional mail client like Thunderbird or Outlook (desktop version), not mentionning add-on integration for other software, or security speaking (displaying html content in a web browser, instead of a mail client downloading mail and being able to scan it with various security system before it is delivered and/or shown to the end client.
As far as I understand, 2FA using certificates (even if the management of this is a real PITA), is one another possibility, right ? Something that is cross platform compatible like a Yubikey with SmartCard PIV capability or something similar ?
Actually, since the certificates management is one way that already exist, DirectAdmin (the Pro Pack), could possibly think about integrating an UI to make certificate based authentification easier.Certainly I agree but this is outside of the scope of DirectAdmin. They're not going to pursue an experimental (if it even exists) build of apps that breaks every regular user's expectations, software, etc. Instead, you'll want to look into building a new RFC for how email works, getting acceptance by all stakeholders (and learning who those are), and then lobbying for the change with the developers of Dovecot and Exim, as well as the major email client developers.