Introducting PIN feature for backend Topic is solved

Be informed that this forum is not an official support forum for Joomla! 4.0. Any issues regarding Joomla! 4.0 must be reported at https://issues.joomla.org/.

Joomla 4.0 is still in Beta stage. This forum should be used for sharing information about Joomla! 4.0.

Moderator: ooffick

Forum rules
Locked
User avatar
JurajB
Joomla! Guru
Joomla! Guru
Posts: 624
Joined: Fri Oct 02, 2015 3:28 pm

Introducting PIN feature for backend

Post by JurajB » Fri Jul 31, 2020 5:37 pm

Hello joomlas,
everybody who have windows 10 know what pin feature is..
its a solution to not provide password, just a simple (and effective) check..
many of us have username and password saved into browser
feature enabling pin check (without possible "save" solution) will be greatly awaited..
[ redacted ]
Last edited by toivo on Fri Jul 31, 2020 11:14 pm, edited 1 time in total.
Reason: mod note: manual signature removed, please read the forum rules!

sozzled
I've been banned!
Posts: 13639
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Introducting PIN feature for backend

Post by sozzled » Fri Jul 31, 2020 8:33 pm

Not interested in PINs (as an alternative to username/password). If anyone was interested in PINs for J! someone would have developed a plugin in the JED years ago. Just another useless feature that may attract one in a few thousand people, perhaps, IMO.

User avatar
JurajB
Joomla! Guru
Joomla! Guru
Posts: 624
Joined: Fri Oct 02, 2015 3:28 pm

Re: Introducting PIN feature for backend

Post by JurajB » Sat Aug 01, 2020 7:23 am

I though you are at the level when 1 of 1000 are lot of people.
Of course nobody uses it when its not available.
It should solve the problem with prefilled login data so canyone can log while you are away.
Another 'extreme' is when you use plugin that extends session to forever.

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 17350
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: Next beta

Post by toivo » Tue Aug 11, 2020 1:37 pm

Where does that assumption come from? Is your question related to the earlier topic Introducting PIN feature for backend?
Toivo Talikka, Global Moderator

User avatar
darb
Joomla! Hero
Joomla! Hero
Posts: 2038
Joined: Thu Jul 06, 2006 12:57 pm
Location: Stockholm Sweden

Re: Next beta

Post by darb » Tue Aug 11, 2020 3:33 pm

I dont see any roadmap for that or any next beta release discussions about this or any discussion when a RC could be planned to be released.

Its interesting to know though what policies set back a Joomla 4.0 rc candidate. Is it the backlog that is the showstopper and does it have to be 100% ( 80 %...) cleaned first ( and what levels ) before a RC - Toivo what you think?

User avatar
JurajB
Joomla! Guru
Joomla! Guru
Posts: 624
Joined: Fri Oct 02, 2015 3:28 pm

Re: Next beta

Post by JurajB » Tue Aug 11, 2020 4:11 pm

toivo how about this:
I tried to post this feature but it was already done.
I dont know if it is the same as I mentioned.

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 12781
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: Next beta

Post by brian » Tue Aug 11, 2020 6:30 pm

If you read more carefully you would see that the feature had already been requested. That is all.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

sozzled
I've been banned!
Posts: 13639
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: PIN feature for J! 4

Post by sozzled » Tue Aug 11, 2020 7:30 pm

This is the request that @brian mentions: https://github.com/joomla/joomla-cms/issues/28390

As I wrote (and others have commented on GitHub), no-one seems to be too interested in implementing a PIN feature for Joomla! As an "optional feature", maybe someone might like to write a new authentication plugin/login module that replaces the normal username/password login mechanism but, IMO, that would be dangerous as far as site security is concerned.

If people are concerned about the "ease" by which brute force attacks are made or the "ability" to login on a device that's left lying around for others to use and logging into a website simply because they're able to access stored passwords on that device, they could always use two-factor authentication. Unless a PIN "login method used similar anti-brute force countermeasures (e.g. the three-strikes and your out rule) then site security would be at the mercy of brute force attacks. Eventually they would do one of two things:

(a) they would allow people to login; or
(b) they would prevent people (who could login) from being able to login again until the account was re-enabled.

Silly idea, IMO. I have no reason to expect that a PIN-feature will ever get off the ground for J! 4.

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 12781
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: Next beta

Post by brian » Tue Aug 11, 2020 7:30 pm

dont feed the troll
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

sozzled
I've been banned!
Posts: 13639
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Next beta: PIN feature for J! 4 ???

Post by sozzled » Tue Aug 11, 2020 7:42 pm

I fed him earlier, @brian. Apparently he's still hungry. :laugh: FYI, the forum moderators also fed him by allowing this topic to remain, separately from his earlier topic on the same subject. I asked the forum moderators to merge this topic with the OP's earlier topic and I'm still waiting for that to happen. 8)

User avatar
JurajB
Joomla! Guru
Joomla! Guru
Posts: 624
Joined: Fri Oct 02, 2015 3:28 pm

Re: Next beta

Post by JurajB » Wed Aug 12, 2020 6:49 am

OK I tried little journalist style to fresh this up, but you already know this ;) Im sorry of what this became to be.
Why am I troll? OK I will change myself and take care of this in future.
Thanks,
Have a nice day
PS this isnt the same feature as I declared my ID in my previous IDEA.

User avatar
JurajB
Joomla! Guru
Joomla! Guru
Posts: 624
Joined: Fri Oct 02, 2015 3:28 pm

Re: Next beta

Post by JurajB » Wed Aug 12, 2020 7:07 am

Wait guys, my original idea of this pin was an EXTRA security and the login informations will be still active (and accessible via browsers saved informations prefilled into login, so this is why you can have extra pin so the intruder is stopped and without it the intruder just click login with the browser saved prefilled creditials)

sozzled
I've been banned!
Posts: 13639
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Next beta

Post by sozzled » Wed Aug 12, 2020 8:09 am

It's not going to happen in J! 4.0.

User avatar
JurajB
Joomla! Guru
Joomla! Guru
Posts: 624
Joined: Fri Oct 02, 2015 3:28 pm

Re: Will the next beta include PIN authentication?

Post by JurajB » Wed Aug 12, 2020 8:24 am

But why? Its like 2FA but little easier. It helps in the situation I was mentioning. You have browser saved backend login creditials and you dont want to take 2FA, which is longer, you just enable 4 digit pin. This pin will as opposite to a login means it not be saved, stored and offered from browser when SOMEBODY arrives to pc which has login form on the whole display, one click away from accessing your website, so he can change something, delete something or get some information. And only you know this pin so when you come from toilet nobody could login (because they dont know your pin (which will not offer one click solution fo fill in automatically (this is what Im sayin whole time).
NORMAL LOGIN WILL NOT BE ALTERED BY ANY WAY, you will still have to provide name and password (in the backend)
Just as in bank accounts, have pins to secure your money.

You just provide:
username (saved and prefilled)
password (again saved and prefilled)
and pin (which shows (if its set on) after you click login)

- its (much) safer in this AFK situation
- its much faster than 2FA
- its new so nobody know it
- its optional so nobody will be hurt

And now banks are using this, sometimes website damage can hurt as a lost of some money.
So now IS this BAD? Normal login wont be altered, just expanded.
Last edited by JurajB on Wed Aug 12, 2020 8:34 am, edited 1 time in total.

sozzled
I've been banned!
Posts: 13639
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Will the next beta include PIN authentication?

Post by sozzled » Wed Aug 12, 2020 8:34 am

You want to stop people accessing your device while you're AFK? Simple: lock the device!

"Banks"—websites, that is—are not "using this [method]". Sure, PINs for EFTPOS have been around for ages. Have you ever left your EFTPOS card lying around while you're AFK? Come on, be serious!

"Locking" J! with a PIN is a silly idea; that's not just my opinion. This is not going to happen in J! 4.

User avatar
JurajB
Joomla! Guru
Joomla! Guru
Posts: 624
Joined: Fri Oct 02, 2015 3:28 pm

Re: Will the next beta include PIN authentication?

Post by JurajB » Wed Aug 12, 2020 8:51 am

OK so banks:
I somehow login from the browser data (europe), and now Im able to send money transfer (bank transfer) to my secret account. I just can do this because after filling transfer details the bank sums things up and asks for pin (which I dont have because im intruder and this is NOT my bank account). This pin is generated from the card reader, you put there your card, visa for example it reads it you enter the number from display (generated by bank) and this card reader generates a pin for your transaction.
This is a way longer and safer that this silly pin idea, so you (probably) dont have a Joomla! Card reader in next 10 years available (what will be in 10 years? - it will start data as the money resource (well ok maybe further future). But Im talking about easy pin configurable in backend right before 2FA.
So what about bank level security? I know its not the level of protection bank provide with this generated pins from a visa card reader. Its silly compared to bank, but it still may work as a better, safer and fastly route to great backend Joomla! 4 offers.

User avatar
JurajB
Joomla! Guru
Joomla! Guru
Posts: 624
Joined: Fri Oct 02, 2015 3:28 pm

Re: Will the next beta include PIN authentication?

Post by JurajB » Wed Aug 12, 2020 8:55 am

Sozzled do you know what will happen on windows 10 when you lock your computer and go AFK?
It asks you for pin.

sozzled
I've been banned!
Posts: 13639
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Will the next beta include PIN authentication?

Post by sozzled » Wed Aug 12, 2020 9:05 am

This will be my final response in this topic.

1) The next beta will not include PIN authentication. Full stop. End of discussion.
2) There are no plans to include PIN authentication for J! 4. Again, full stop.
3) I don't have this bank-asks-you-for-a-PIN-on-the-browser-after-you-go-AFK feature. Sorry. Maybe things are different where you live.
4) I do not use a PIN unlock feature with Windows 10. I deliberately disabled that feature. I use password unlocking instead. So what? It's off-topic and it has nothing to do with J!.

If there was support for your idea then, as I wrote in your other topic:
sozzled wrote:
Fri Jul 31, 2020 8:33 pm
If anyone was interested in PINs for J! someone would have developed a plugin in the JED years ago.
It hasn't happened; no-one is interested in making this happen; it won't happen.

User avatar
JurajB
Joomla! Guru
Joomla! Guru
Posts: 624
Joined: Fri Oct 02, 2015 3:28 pm

Re: Will the next beta include PIN authentication?

Post by JurajB » Wed Aug 12, 2020 10:14 am

OK, as you said.

User avatar
JurajB
Joomla! Guru
Joomla! Guru
Posts: 624
Joined: Fri Oct 02, 2015 3:28 pm

Re: Will the next beta include PIN authentication?

Post by JurajB » Wed Aug 12, 2020 2:43 pm

OK, guys reading this - there are technologies for this already and this functionality is redundant.
My apologies, I was in bit hurry.
Ready for next technologies, now with more skill :)


Locked

Return to “Joomla! 4 Related”