two Factor over own Mail Server (NOT Gmail)

Do you have an idea for the Joomla community that you can help implement? Discuss in here.
Forum rules
Global Rules
Posting guidelines for this board <-- please read before posting.

Joomla Idea Pool <-- Add your suggestions for future versions of Joomla and vote on current suggestions.
User avatar
pctech
Joomla! Apprentice
Joomla! Apprentice
Posts: 15
Joined: Sun Oct 15, 2006 8:09 am
Location: Zürich Schweiz
Contact:

two Factor over own Mail Server (NOT Gmail)

Postby pctech » Wed May 17, 2017 11:06 pm

:pop
Good evening everyone

I am looking for a simple way to send a link (or a number) to the user's e-mail address each time as a 2nd factor.

Actually just like when registering.
There is also (over) the e-mail address is authenticated.

As an security feature, always hide the characters at the e-mail address in the user controller.
Example: jo .. @ .. p .. or as in the password field without content.

But I am also already glad that iam find in my user account the relevant e-mail address ..

But it is also a risk to show the e-mail address fully.
everything is running today over e-mail.
That's why the Idea or Question: Confirm each login via E-mail would be clever.

Best regards to all, sincerely Marcel
Der Mensch hat dreierlei Wege, klug zu handeln:
Erstens durch Nachdenken, das ist das Edelste,
zweitens durch Nachahmen, das ist das Leichteste,
und drittens durch Erfahrung, das ist das Bitterste.
(Konfuzius)

User avatar
stutteringp0et
Joomla! Ace
Joomla! Ace
Posts: 1339
Joined: Sat Oct 28, 2006 11:16 pm
Location: Texas
Contact:

Re: two Factor over own Mail Server (NOT Gmail)

Postby stutteringp0et » Sat Aug 12, 2017 5:29 pm

I like it - but I think someone has already done it. I'll spend a little time looking in the JED for it - and if I don't find it, I'll write it (because it's a good idea to take control away from Google whenever possible)
My extensions: http://extensions.joomla.org/profile/profile/details/18398
Honk if this signature offends you.

User avatar
stutteringp0et
Joomla! Ace
Joomla! Ace
Posts: 1339
Joined: Sat Oct 28, 2006 11:16 pm
Location: Texas
Contact:

Re: two Factor over own Mail Server (NOT Gmail)

Postby stutteringp0et » Sat Aug 12, 2017 5:40 pm

Well, I remembered it wrong...

https://extensions.joomla.org/extension ... -password/

This plugin requires you to enter an email address, which triggers an email containing an auto-login link.

That seems dangerous, because if an attacker knew a valid address - he could cause a DOS against the sites ability to send email to a specific provider by spamming it with login link requests.... Doing it with a password is much safer.

I'm going to look into writing this as you described it.
My extensions: http://extensions.joomla.org/profile/profile/details/18398
Honk if this signature offends you.


Return to “Joomla! Ideas Forum”

Who is online

Users browsing this forum: No registered users and 16 guests