Now it is possible to get a temporary code only in an application like Google Authenticator, but if a person has lost his phone, he will not be able to restore access to his account. It's the same when a person buys a new phone for himself - he has to re-scan the QR code for the authorization application on the new phone.
I suggest adding the ability to send a time code to log into your account to the user's e-mail address. (I could also suggest sending the timecode via SMS, but I think it will cost money for site owners).
I have seen a lot of popular sites that offer sending a time code to an e-mail or phone number via SMS, not only from the authenticator application.
For example, Yahoo! Mail offers to send a temporary code by e-mail or via SMS (and also has a field where you can mark - remember me on this device and not enter the temporary code again when you visit again).
Also the relevant idea: #30630
but if a person has lost his phone
That's why you should store "recovery codes".
People make sites on Joomla not for hackers, but for ordinary people who want to restore access via SMS or e-mail. I do not currently enable 2FA on my site because it is a very inconvenient feature. Everyone uses social networks, online stores and many other popular sites, where there is a receipt of a time code via SMS or e-mail (and as an additional option - receiving a code through an authenticator application).
I believe that this functionality is incomplete in Joomla. This functionality was made for Joomla in 2013, it was 7 years ago. Since then, nothing has changed here.
Since then, nothing has changed here.
This is not true; J4 will ship with WebAuth #28094.
I saw this image on site https://webauthn.io/. Does this mean that in Joomla 4 it will be possible to receive a temporary code by e-mail, or confirm the entrance with a fingerprint?
p.s. Everything I wrote in the first post was about Joomla 3.
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-10-02 19:02:02 |
Closed_By | ⇒ | alikon |