ClearFoundation Tracker - ClearOS
View Issue Details
0001412ClearOSapp-base - Base Systempublic2013-10-30 17:492018-11-20 11:52
user2 
bchambers 
normalfeaturehave not tried
closedfixed 
 
 
0001412: Add multi-factor authentication (MFA)
Scope to be determined.
No tags attached.
Issue History
2013-10-30 17:49user2New Issue
2013-10-31 10:21user2Statusnew => confirmed
2014-07-13 10:22marclaporteNote Added: 0001231
2014-07-13 16:47marclaporteNote Added: 0001232
2014-07-13 16:47marclaporteNote Edited: 0001232bug_revision_view_page.php?bugnote_id=1232#r137
2014-07-26 08:58marclaporteNote Added: 0001249
2014-08-26 19:55marclaporteNote Added: 0001286
2014-09-07 21:49marclaporteSummaryAdd two-factor authentication => Add multi-factor authentication (MFA)
2014-09-07 22:09marclaporteNote Added: 0001293
2015-01-20 23:38marclaporteNote Added: 0001340
2015-03-17 11:20marclaporteNote Added: 0001395
2015-04-20 11:37marclaporteRelationship addedrelated to 0001831
2018-11-20 11:52user2Assigned To => bchambers
2018-11-20 11:52user2Statusconfirmed => assigned
2018-11-20 11:52user2Note Added: 0008671
2018-11-20 11:52user2Statusassigned => resolved
2018-11-20 11:52user2Resolutionopen => fixed
2018-11-20 11:52user2Statusresolved => closed

Notes
(0001231)
marclaporte   
2014-07-13 10:22   
Please see:

http://www.dynalogin.org/ [^]
https://www.youtube.com/watch?v=tWZgQvWy22A [^]
https://www.ohloh.net/p/dynalogin [^]
(0001232)
marclaporte   
2014-07-13 16:47   
Joomla! add 2FA in version 3.2

http://www.youtube.com/watch?v=NbG6eehASW8 [^]
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31704&start=0 [^]

(0001249)
marclaporte   
2014-07-26 08:58   
In ClearOS, users can update their passwords:
http://www.clearcenter.com/support/documentation/user_guide/user_profile [^]
This should trigger multi-factor authentication (MFA).

Also, there should be a way for apps to trigger this. For example, in Tiki, a user updates the payment gateway information for the shopping cart. Each app would determine a list of critical actions which trigger MFA.

Thanks!
(0001286)
marclaporte   
2014-08-26 19:55   
Useful for high importance actions such as changing a password.

Related:

Provide setting to disallow users from changing passwords
http://tracker.clearfoundation.com/view.php?id=1931 [^]
(0001293)
marclaporte   
2014-09-07 22:09   
When considering scope, let's also look into one-time passwords (OTP) and alternatives like:
https://www.grc.com/sqrl/sqrl.htm [^]
https://www.grc.com/offthegrid.htm [^]
(0001340)
marclaporte   
2015-01-20 23:38   
https://secure.clearcenter.com/ [^] could benefit from enhanced security.

Linode has this: "When Account Security is enabled, you can only log in from an IP address on your whitelist. When someone attempts to log in with your username from an IP that is not on your whitelist an email alert is sent to you. The email contains a link that allows you to add that IP address to your whitelist. Subsequent successful logins from that IP will not generate an alert."

Another option: A short code sent to the cell phone associated to the account
(0001395)
marclaporte   
2015-03-17 11:20   
A great site showing that MFA is becoming the standard: https://twofactorauth.org/ [^]
(0008671)
user2   
2018-11-20 11:52   
Just tracker cleanup.