ClearFoundation Tracker - ClearOS
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0001412ClearOSapp-base - Base Systempublic2013-10-30 17:492018-11-20 11:52
Reporteruser2 
Assigned Tobchambers 
PrioritynormalSeverityfeatureReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Summary0001412: Add multi-factor authentication (MFA)
DescriptionScope to be determined.
Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2013-10-30 17:49user2New Issue
2013-10-31 10:21user2Statusnew => confirmed
2014-07-13 10:22marclaporteNote Added: 0001231
2014-07-13 16:47marclaporteNote Added: 0001232
2014-07-13 16:47marclaporteNote Edited: 0001232bug_revision_view_page.php?bugnote_id=1232#r137
2014-07-26 08:58marclaporteNote Added: 0001249
2014-08-26 19:55marclaporteNote Added: 0001286
2014-09-07 21:49marclaporteSummaryAdd two-factor authentication => Add multi-factor authentication (MFA)
2014-09-07 22:09marclaporteNote Added: 0001293
2015-01-20 23:38marclaporteNote Added: 0001340
2015-03-17 11:20marclaporteNote Added: 0001395
2015-04-20 11:37marclaporteRelationship addedrelated to 0001831
2018-11-20 11:52user2Assigned To => bchambers
2018-11-20 11:52user2Statusconfirmed => assigned
2018-11-20 11:52user2Note Added: 0008671
2018-11-20 11:52user2Statusassigned => resolved
2018-11-20 11:52user2Resolutionopen => fixed
2018-11-20 11:52user2Statusresolved => closed

Notes
(0001231)
marclaporte   
2014-07-13 10:22   
Please see:

http://www.dynalogin.org/ [^]
https://www.youtube.com/watch?v=tWZgQvWy22A [^]
https://www.ohloh.net/p/dynalogin [^]
(0001232)
marclaporte   
2014-07-13 16:47   
Joomla! add 2FA in version 3.2

http://www.youtube.com/watch?v=NbG6eehASW8 [^]
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31704&start=0 [^]
(0001249)
marclaporte   
2014-07-26 08:58   
In ClearOS, users can update their passwords:
http://www.clearcenter.com/support/documentation/user_guide/user_profile [^]
This should trigger multi-factor authentication (MFA).

Also, there should be a way for apps to trigger this. For example, in Tiki, a user updates the payment gateway information for the shopping cart. Each app would determine a list of critical actions which trigger MFA.

Thanks!
(0001286)
marclaporte   
2014-08-26 19:55   
Useful for high importance actions such as changing a password.

Related:

Provide setting to disallow users from changing passwords
http://tracker.clearfoundation.com/view.php?id=1931 [^]
(0001293)
marclaporte   
2014-09-07 22:09   
When considering scope, let's also look into one-time passwords (OTP) and alternatives like:
https://www.grc.com/sqrl/sqrl.htm [^]
https://www.grc.com/offthegrid.htm [^]
(0001340)
marclaporte   
2015-01-20 23:38   
https://secure.clearcenter.com/ [^] could benefit from enhanced security.

Linode has this: "When Account Security is enabled, you can only log in from an IP address on your whitelist. When someone attempts to log in with your username from an IP that is not on your whitelist an email alert is sent to you. The email contains a link that allows you to add that IP address to your whitelist. Subsequent successful logins from that IP will not generate an alert."

Another option: A short code sent to the cell phone associated to the account
(0001395)
marclaporte   
2015-03-17 11:20   
A great site showing that MFA is becoming the standard: https://twofactorauth.org/ [^]
(0008671)
user2   
2018-11-20 11:52   
Just tracker cleanup.