two Factor over own Mail Server (NOT Gmail)
- pctech
- Joomla! Apprentice
- Posts: 15
- Joined: Sun Oct 15, 2006 8:09 am
- Location: Zürich Schweiz
- Contact:
two Factor over own Mail Server (NOT Gmail)
Good evening everyone
I am looking for a simple way to send a link (or a number) to the user's e-mail address each time as a 2nd factor.
Actually just like when registering.
There, too, authentication is done via the e-mail address.
As a security feature, always hide the characters of the e-mail address in the user controller.
Example: jo .. @ .. p .. or as in the password field without content.
But I am also already glad that I can find the relevant e-mail address in my user account ..
But it is also a risk to show the e-mail address fully.
Everything runs over e-mail today.
That's why the idea, or question: confirming each login via e-mail would be clever.
Best regards to all, sincerely Marcel
Man has three ways of acting wisely:
First, by reflection, which is the noblest; second, by imitation, which is the easiest; and third, by experience, which is the bitterest. (Confucius)
- stutteringp0et
- Joomla! Ace
- Posts: 1389
- Joined: Sat Oct 28, 2006 11:16 pm
- Location: Texas
- Contact:
Re: two Factor over own Mail Server (NOT Gmail)
I like it - but I think someone has already done it. I'll spend a little time looking in the JED for it - and if I don't find it, I'll write it (because it's a good idea to take control away from Google whenever possible)
My extensions: http://extensions.joomla.org/profile/pr ... ails/18398
Honk if this signature offends you.
- stutteringp0et
- Joomla! Ace
- Posts: 1389
- Joined: Sat Oct 28, 2006 11:16 pm
- Location: Texas
- Contact:
Re: two Factor over own Mail Server (NOT Gmail)
Well, I remembered it wrong...
https://extensions.joomla.org/extension ... -password/
This plugin requires you to enter an email address, which triggers an email containing an auto-login link.
That seems dangerous, because if an attacker knew a valid address - he could cause a DOS against the site's ability to send email to a specific provider by spamming it with login link requests.... Doing it with a password is much safer.
I'm going to look into writing this as you described it.
My extensions: http://extensions.joomla.org/profile/pr ... ails/18398
Honk if this signature offends you.
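The flow discussed in this thread (password first, then a one-time code mailed through the site's own server), as an added example that is not part of any post and not code from the plugin mentioned above. It is plain PHP 8 with no Joomla APIs; the class, its method names, the limits, the per-user mail throttle and the in-memory store are all assumptions made for illustration.

```php
<?php
// Added example; class, method names and limits are hypothetical.
final class EmailSecondFactor
{
    private const TTL = 600;          // code lifetime, seconds
    private const MAX_TRIES = 5;      // wrong guesses before the code is void
    private const MIN_INTERVAL = 60;  // seconds between mails per user
    private array $pending = [];      // in-memory stand-in for a database table
    public function __construct(private string $serverKey) {}
    // Call only after the password check passed; null means "mailed too recently".
    public function issue(int $userId, int $now): ?string
    {
        $prev = $this->pending[$userId] ?? null;
        if ($prev !== null && $now - $prev['sent'] < self::MIN_INTERVAL) {
            return null;
        }
        $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
        $this->pending[$userId] = [
            'hash'    => $this->mac($userId, $code),  // never store the code itself
            'expires' => $now + self::TTL,
            'tries'   => 0,
            'sent'    => $now,
        ];
        return $code;                 // caller mails this through the site's mail server
    }

    public function verify(int $userId, string $code, int $now): bool
    {
        $p = $this->pending[$userId] ?? null;
        if ($p === null || $now > $p['expires'] || $p['tries'] >= self::MAX_TRIES) {
            return false;
        }
        $this->pending[$userId]['tries']++;
        $ok = hash_equals($p['hash'], $this->mac($userId, $code));
        if ($ok) {
            unset($this->pending[$userId]);  // single use
        }
        return $ok;
    }

    private function mac(int $userId, string $code): string
    {
        return hash_hmac('sha256', $userId . ':' . $code, $this->serverKey);
    }
}
// Constructed demo with fixed timestamps: throttled re-issue, wrong code, right code, replay.
$mfa  = new EmailSecondFactor(random_bytes(32));
$code = $mfa->issue(42, 1000);
var_dump($mfa->issue(42, 1010), $mfa->verify(42, 'x', 1020), $mfa->verify(42, $code, 1030), $mfa->verify(42, $code, 1040));
```

Because `issue()` is reached only after a correct password, someone who knows just an e-mail address cannot trigger mail at all, and the interval check caps what a holder of a stolen password can send.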
- fcoulter
- Joomla! Ace
- Posts: 1685
- Joined: Thu Sep 13, 2007 11:39 am
- Location: UK
- Contact:
Re: two Factor over own Mail Server (NOT Gmail)
Mr Stuttering Poet, I agree with you. In fact we have just added the Bye Bye password plugin to the Live VEL https://vel.joomla.org/vel-blog/2001-by ... disclosure and we advise people not to use it until the developer has addressed some security issues. Doing it with a password is much safer.
Also there is a tracking script in the plugin installer, so that the developer can tell when you install it on your site.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"
- stutteringp0et
- Joomla! Ace
- Posts: 1389
- Joined: Sat Oct 28, 2006 11:16 pm
- Location: Texas
- Contact:
Re: two Factor over own Mail Server (NOT Gmail)
Probably best for everyone.
I'd get right on building something to replace it - but I've already got 3 extensions waiting in the JED queue with a fourth that I cannot submit until at least one of the three is accepted. Based on my submission dates and the average turnaround on acceptance, I'm probably a month away from having an open slot to submit to.
My extensions: http://extensions.joomla.org/profile/pr ... ails/18398
Honk if this signature offends you.