Motivation
In a secure environment, two-step authentication may be required; see Wikipedia:Two_step_authentication.
This proposal adds the infrastructure for two-step authentication.
Description and Documentation
The template log-in is enhanced to support two-step authentication.
A new configure setting defines the two-step authentication manager. Example:
$TWiki::cfg{TwoStepAuthManager} = 'TWiki::LoginManager::EmailTwoStepAuth';
If this is set to anything other than empty or 'none', the template login loads the two-step authentication manager and executes these steps:
- The template login shows the usual login screen for username and password.
- On successful login, a second login screen is shown for a second challenge by the two-step authentication manager, technically done by calling the method secondStepAuth( $loginName, $origurl ).
- This method returns the template text of the second login screen.
- The second challenge can be omitted, for example if the user is in an internally secured environment. This is done by returning an empty string for the second login screen.
- The two-step authentication manager uses e-mail, SMS or another channel to challenge the user with a secondary login, such as a one-time-use access code.
- The user enters the second challenge, such as a one-time-use access code, and submits the form.
- The template login verifies that the second challenge is correct, technically done by calling the method verifyAuth( $loginName, $accessCode ). That method returns an error string:
  - If the error string is empty, the second challenge is OK and the login succeeds.
  - Otherwise, the error string is shown in the login banner.
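The two-method contract described above, as an added sketch that is not part of the proposal or of EmailTwoStepAuthContrib. The package name, the deliver and trusted callbacks, the in-memory pending store, the form field name and the expiry and retry limits are all assumptions; a CGI deployment would need a store that persists between requests.

```perl
package TWiki::LoginManager::ExampleTwoStepAuth;    # hypothetical name
use strict;
use warnings;
use Digest::SHA qw(sha256);
my $TTL      = 300;    # seconds a code stays valid (assumed policy)
my $MAXTRIES = 5;      # attempts allowed per code (assumed policy)

sub new {
    my ( $class, %opt ) = @_;
    # deliver: required callback that sends the code by e-mail or SMS
    # trusted: optional callback, true when the second step may be skipped
    return bless { pending => {}, deliver => $opt{deliver},
        trusted => $opt{trusted} || sub { 0 } }, $class;
}

# Returns the text of the second login screen, or '' to skip the challenge.
sub secondStepAuth {
    my ( $this, $loginName, $origurl ) = @_;    # $origurl unused in this sketch
    return '' if $this->{trusted}->($loginName);
    open( my $fh, '<:raw', '/dev/urandom' ) or die "no CSPRNG: $!";
    my $raw;
    ( read( $fh, $raw, 4 ) || 0 ) == 4 or die "short read from /dev/urandom";
    close($fh);
    my $code = sprintf( '%06d', unpack( 'N', $raw ) % 1_000_000 );
    # Keep only a digest of the code, with an expiry and an attempt counter.
    $this->{pending}{$loginName} =
      { hash => sha256($code), expires => time() + $TTL, tries => 0 };
    $this->{deliver}->( $loginName, $code );
    # Placeholder markup; a real manager would return TWiki template text.
    return "Enter the access code sent to you: "
      . "<input type='text' name='accessCode' autocomplete='off' />";
}

# Returns '' on success, otherwise an error string for the login banner.
sub verifyAuth {
    my ( $this, $loginName, $accessCode ) = @_;
    my $p = $this->{pending}{$loginName}
      or return 'No access code is pending; please log in again.';
    if ( time() > $p->{expires} || ++$p->{tries} > $MAXTRIES ) {
        delete $this->{pending}{$loginName};
        return 'Access code expired or too many attempts; please log in again.';
    }
    # Compare fixed-length digests without an early exit on mismatch.
    my $diff = 0;
    $diff |= ord($_) for split //, $p->{hash} ^ sha256( $accessCode // '' );
    return 'Invalid access code.' if $diff;
    delete $this->{pending}{$loginName};    # one-time use
    return '';
}
1;
```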
There are three tracking items:
Installation
See the installation instructions of EmailTwoStepAuthContrib if you want to use this in TWiki-6.0.0 or earlier versions.
Impact
Implementation
--
Contributors:
Peter Thoeny - 2014-08-07
Discussion
Accepted by release meeting at KampalaReleaseMeeting2014x08x07
--
Peter Thoeny - 2014-08-07
The initial extension for two-step authentication is now done. See installation instructions of TWiki:Plugins.EmailTwoStepAuthContrib if you want to use this in TWiki-6.0.0 or earlier versions.
The implementation of TWiki:Plugins.SmsTwoStepAuthContrib for SMS authentication is pending.
--
Peter Thoeny - 2014-08-26
The first version of TWiki:Plugins.SmsTwoStepAuthContrib for SMS authentication was done on 2014-09-10. Today I added per-user selectable single-step or two-step auth mode.
--
Peter Thoeny - 2014-09-22