A suggestion for Google Two Factor Authentication

For Joomla! 3.x Coding related discussions, please use: http://groups.google.com/group/joomla-dev-general

Moderators: ooffick, dam-man

Forum rules
Please use the mailing list here: http://groups.google.com/group/joomla-dev-general rather than this forum.
User avatar
cspgsl
Joomla! Explorer
Joomla! Explorer
Posts: 285
Joined: Thu Nov 09, 2006 11:35 am

A suggestion for Google Two Factor Authentication

Postby cspgsl » Wed Mar 15, 2017 10:04 pm

I don't know if this is the place for such a suggestion so if it should be elsewhere, please let me know.

I have enabled GTFA on several dozen sites and suggest that when one opens the backend/administrator window when GTFA is enabled, the cursor should be set in the secret key window by default.

Just a thought

User avatar
mbabker
Joomla! Ace
Joomla! Ace
Posts: 1808
Joined: Sun Feb 28, 2010 8:26 pm
Location: White Bear Lake, MN, USA
Contact:

Re: A suggestion for Google Two Factor Authentication

Postby mbabker » Wed Mar 15, 2017 11:42 pm

Most two factor authentication applications require your username and password as step one then the second factor (YubiKey, Google Authenticator, SMS verification, etc.) as a second step. So based on existing workflows with numerous other sites and what I'd call a reasonable expectation, I wouldn't expect to first input a 2FA response then the normal username/password authentication.
Past: Release Lead, CMS Maintainer
Present: Production Department Coordinator, Framework Maintainer, Security Team Member, .org System Administrator

Manually updating Joomla? See https://gist.github.com/mbabker/d7bfb4e1e2fbc6b7815a733607f89281

User avatar
cspgsl
Joomla! Explorer
Joomla! Explorer
Posts: 285
Joined: Thu Nov 09, 2006 11:35 am

Re: A suggestion for Google Two Factor Authentication

Postby cspgsl » Thu Mar 16, 2017 12:16 pm

I thought of that after posting and realize the unlikelihood of my idea becoming reality.

For many developers like myself who work alone in a home office, usernames and passwords are stored by the browser. Such a setup would be a convenience, notwithstanding any security issues.

User avatar
LukeDouglas
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 161
Joined: Sat Dec 08, 2007 8:23 pm

Re: A suggestion for Google Two Factor Authentication

Postby LukeDouglas » Thu Mar 16, 2017 4:34 pm

There should be a text message option instead of using the Google Authenticator. :)

User avatar
cspgsl
Joomla! Explorer
Joomla! Explorer
Posts: 285
Joined: Thu Nov 09, 2006 11:35 am

Re: A suggestion for Google Two Factor Authentication

Postby cspgsl » Thu Mar 16, 2017 5:49 pm

Where is the SMS option or are you saying that SMS should be an option?

User avatar
LukeDouglas
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 161
Joined: Sat Dec 08, 2007 8:23 pm

Re: A suggestion for Google Two Factor Authentication

Postby LukeDouglas » Thu Mar 16, 2017 5:58 pm

It should be an 'option'. Right now you have to use either the Google Authenticator or the YuriKey (I think that is the way you spell it.)


Return to “Joomla! 3.x Coding”

Who is online

Users browsing this forum: No registered users and 2 guests