[#20150] - 2 Factor authentication - remember
- Closed
- 18 Apr 2018
- Medium
- Build: staging
- # 20150
We want to start using (Google) two-factor authentication on the sites we manage for our clients. But we manage about 100 sites and adding this authentication will cost us a lot of extra time to maintain the sites.
I was wondering if it would be possible to 'remember' the authentication for a specific period of time (say 30 days) before having to enter a new code. Maybe in combination with remembering the IP is was submitted from. This wat we don;t have to authenticate every time we log in. Only every 30 days.
Or would this just defeat the purpose of the extra protection?
Kind regrads,
Jip
| Labels |
Added:
?
|
||
franz-wohlkoenig
- | Category | ⇒ | Authentication Feature Request |
Google uses 'trusted devices':
++++++++++++++++
_If you don’t want to enter a 2-Step Verification code or use your Security Key every time you sign in to your Google Account, you can mark your computer or mobile device as trusted. With trusted computers and devices, you don’t need to enter a verification code each time you sign in.
+++++++++++++++++
https://support.google.com/accounts/answer/2544838?hl=en
So would that not be an option to use for Joomla!?
that is two step authentication and not two factor authentication iirc
Ah right ;-) So 'trusted devices' only work with two-step (like a sms with code to you phone) and not with two-factor (Google app with 30 second code).
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-04-12 14:39:50 |
| Closed_By | ⇒ | jjnxpct |
| Status | Closed | ⇒ | New |
| Closed_Date | 2018-04-12 14:39:50 | ⇒ | |
| Closed_By | jjnxpct | ⇒ |
Sorry for pushing this issue, but I also use Lastpass as a password manage. They make it possible to login to your account using two-factor authentication but also have the option to 'trust' the computer for 30 days. So this is possible... right?
Or am I still missing something ;-)
Because of not having support for trusted devices this feature is
a bit of a nuinance ...
thus enabled less than expected, or disabled after some time and doing other alternatives
Quoting about trusted devices :
Devices that do not need a second step
You can skip the second step on devices that you trust, such as your own computer.
| Status | New | ⇒ | Discussion |
Two factor authentication was recently also added to myjoomla.com. Also with a trusted device option. So It is possible... Don't know if it is more or less safe. I do think this option would encourage more site managers to use 2FA.
myjoomla.com does not use joomla ;)
Haha, no I'm sure it doesn't... I just wanted to point out that 2FA can be used with a 'trust' option. So it would be technically possible to add this to Joomla as well. Am I right?
Of course it’s technically possible.... almost anything is! But having someone to do it is another question :-).
@tonypartridge, I hope that answers your question :)
| Status | Discussion | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-04-18 06:40:12 |
| Closed_By | ⇒ | joomla-cms-bot |
| Closed_By | joomla-cms-bot | ⇒ | franz-wohlkoenig |
Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/20150
yes that would completely defeat the entire reason for having 2fa