PHPCRED-9: Two Factor Authentication



Issue Information

Issue Type: New Feature
 
Priority: Major
Status: Open

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: PHPCredlocker (PHPCRED)
Resolution: Unresolved
Affects Version: 1.15,
Target version: 1.5,
Components: Authentication ,

Created: 2013-12-07 00:10:41
Time Spent Working


Description
Definitely worth looking at, but need to make sure it's not vendor centric. Using the OATH standard should allow use of a range of OTP apps on different mobile platforms


Toggle State Changes

Activity


btasker added '1.15' to Version
btasker added '1.5' to Fix Version
Given the near ubiquity of Yubikeys, it seems like a good integration to run with.

Although the exact implementation might vary, suspect a good (and relatively easy) way forward would be to have the system behave like the PAM module used for SSH.

The user's login process would therefore be

- Enter Username
- Enter password
- WIthout leaving the password field, short press on the yubikey

The back-end would then need to seperate the password from the yubikey's input (though it'll have the yubikey's ID stored anyway) and place a request to the Yubico API server to validate the OTP