Protection offered by Web Authentication in Joomla 4

Discussion regarding Joomla! 4.x security issues.

esarrat
Joomla! Apprentice
Posts: 18
Joined: Thu Mar 12, 2015 8:49 am

Protection offered by Web Authentication in Joomla 4

Post by esarrat » Mon Aug 08, 2022 1:27 pm

Hello,

The documentation of Joomla 4 (https://docs.joomla.org/WebAuthn_Passwordless_Login) states that "WebAuthn is the future of authentication. Easy, secure and hassle-free. Everything that fixed passwords are not." As if its implementation would protect against a login with a userid and password - should the latter have been stolen.

However, in my experience on my Joomla 4 site, implementing this feature for myself still leaves available the option to connect to the site just with my userid and password - without requiring to go through the web authentication step that has been defined.

So, I am wondering about the value of using this feature. It is certainly more convenient to log in with a fingerprint than by typing a password, but my access is not more secured...

From my vantage point, choosing to enable Web Authentication for a user should mandate that this mechanism be always used with his userid, and should no longer allow him/her to log in with - just - his/her userid and password.

Do I misunderstand something?...

brian
Joomla! Master
Posts: 12781
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK

Re: Protection offered by Web Authentication in Joomla 4

Post by brian » Mon Aug 08, 2022 1:37 pm

> Do I misunderstand something?...

No, not really, and everything you refer to is addressed in Joomla 4.2, released in a few weeks.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

esarrat
Joomla! Apprentice
Posts: 18
Joined: Thu Mar 12, 2015 8:49 am

Re: Protection offered by Web Authentication in Joomla 4

Post by esarrat » Mon Aug 08, 2022 2:19 pm

Thank you Brian :-)

leolam
Joomla! Master
Posts: 20652
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ Germany/ S'pore/Bogor/ North America

Re: Protection offered by Web Authentication in Joomla 4

Post by leolam » Fri Aug 12, 2022 3:31 pm

Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -

