two Factor over own Mail Server (NOT Gmail)

pctech
Joomla! Apprentice
Posts: 15
Joined: Sun Oct 15, 2006 8:09 am
Location: Zürich Schweiz

two Factor over own Mail Server (NOT Gmail)

Post by pctech » Wed May 17, 2017 11:06 pm

Good evening everyone

I am looking for a simple way to send a link (or a number) to the user's e-mail address each time as a 2nd factor.

Actually just like when registering.
There, too, authentication is done via the e-mail address.

As a security feature, always hide the characters of the e-mail address in the user controller.
Example: jo .. @ .. p .. or as in the password field without content.

But I am also already glad that I find the relevant e-mail address in my user account.

But it is also a risk to show the e-mail address in full.
Everything runs over e-mail today.
That's why the idea or question: confirming each login via e-mail would be clever.

Best regards to all, sincerely Marcel
Man has three ways of acting wisely:
first, by reflection, which is the noblest,
second, by imitation, which is the easiest,
and third, by experience, which is the bitterest.
(Confucius)

stutteringp0et
Joomla! Ace
Posts: 1350
Joined: Sat Oct 28, 2006 11:16 pm
Location: Texas

Re: two Factor over own Mail Server (NOT Gmail)

Post by stutteringp0et » Sat Aug 12, 2017 5:29 pm

I like it - but I think someone has already done it. I'll spend a little time looking in the JED for it - and if I don't find it, I'll write it (because it's a good idea to take control away from Google whenever possible)
My extensions: http://extensions.joomla.org/profile/profile/details/18398
Honk if this signature offends you.

Re: two Factor over own Mail Server (NOT Gmail)

Post by stutteringp0et » Sat Aug 12, 2017 5:40 pm

Well, I remembered it wrong...

https://extensions.joomla.org/extension ... -password/

This plugin requires you to enter an email address, which triggers an email containing an auto-login link.

That seems dangerous, because if an attacker knew a valid address - he could cause a DoS against the site's ability to send email to a specific provider by spamming it with login link requests.... Doing it with a password is much safer.

I'm going to look into writing this as you described it.
My extensions: http://extensions.joomla.org/profile/profile/details/18398
Honk if this signature offends you.
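
The design discussed in this thread, an e-mailed code used as a second factor only after the password has been accepted, written out as an added example that is not code from any post or extension mentioned here. The class name, limits and in-memory arrays are assumptions; the per-account send limit is what bounds the mail-flooding risk raised in the post above.

```php
<?php
// Added example (PHP 8.0+). Names, limits and in-memory storage are assumptions;
// a real plugin would persist state and mail $code through the site's mailer.
final class EmailSecondFactor
{
    private const TTL = 600;          // code lifetime in seconds
    private const MAX_SENDS = 3;      // mails per account per window
    private const SEND_WINDOW = 900;  // window length in seconds
    private const MAX_TRIES = 5;      // wrong guesses before the code is dropped
    private array $pending = [];      // userId => [hash, expires, tries]
    private array $sends = [];        // userId => timestamps of sent mails
    public function __construct(private string $secret) {}
    // Call only after the password check succeeded. Returns the code to
    // mail, or null when the account has hit its send limit.
    public function issue(int $userId, int $now): ?string
    {
        $recent = array_filter($this->sends[$userId] ?? [], fn($t) => $t > $now - self::SEND_WINDOW);
        if (count($recent) >= self::MAX_SENDS) {
            return null; // throttled: no mail leaves the server
        }
        $recent[] = $now;
        $this->sends[$userId] = $recent;
        $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
        $this->pending[$userId] = ['hash' => $this->mac($userId, $code),
            'expires' => $now + self::TTL, 'tries' => 0];
        return $code;
    }

    public function verify(int $userId, string $code, int $now): bool
    {
        $p = $this->pending[$userId] ?? null;
        if ($p === null || $now > $p['expires'] || $p['tries'] >= self::MAX_TRIES) {
            unset($this->pending[$userId]);
            return false;
        }
        if (hash_equals($p['hash'], $this->mac($userId, $code))) {
            unset($this->pending[$userId]); // single use
            return true;
        }
        $this->pending[$userId]['tries']++;
        return false;
    }
    private function mac(int $userId, string $code): string
    {
        return hash_hmac('sha256', $userId . ':' . $code, $this->secret);
    }
}
// Constructed run: user 42 has just passed the password check.
$mfa = new EmailSecondFactor(random_bytes(32));
$code = $mfa->issue(42, time());
var_dump($mfa->verify(42, $code, time()), $mfa->verify(42, $code, time()));
```

Only a keyed hash of the code is stored, the comparison is constant-time, and a code is discarded after one successful use, after expiry, or after too many wrong guesses.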

fcoulter
Joomla! Ace
Posts: 1320
Joined: Thu Sep 13, 2007 11:39 am
Location: UK

Re: two Factor over own Mail Server (NOT Gmail)

Post by fcoulter » Mon Aug 21, 2017 12:01 pm

"Doing it with a password is much safer"

Mr Stuttering Poet, I agree with you. In fact we have just added the Bye Bye password plugin to the Live VEL https://vel.joomla.org/vel-blog/2001-bye-bye-password-1-0-4-information-disclosure and we advise people not to use it until the developer has addressed some security issues.

Also there is a tracking script in the plugin installer, so that the developer can tell when you install it on your site.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator
VEL team member
"Wearing my tin foil hat with pride"

Re: two Factor over own Mail Server (NOT Gmail)

Post by stutteringp0et » Mon Aug 21, 2017 2:49 pm

Probably best for everyone.

I'd get right on building something to replace it - but I've already got 3 extensions waiting in the JED queue with a fourth that I cannot submit until at least one of the three is accepted. Based on my submission dates and the average turnaround on acceptance, I'm probably a month away from having an open slot to submit to.
My extensions: http://extensions.joomla.org/profile/profile/details/18398
Honk if this signature offends you.
