##########################################################################################
PHPCRED-9: Two Factor Authentication
##########################################################################################

Issue Type: New Feature
-----------------------------------------------------------------------------------------

Issue Information
====================

Priority: Major
Status: Closed
Resolution: Won't Fix (2019-09-09 15:51:12)

Project: PHPCredlocker (PHPCRED)
Reported By: btasker
Assigned To: btasker

Components:
    - Authentication

Affected Versions:
    - 1.15

Targeted for fix in version:
    - 1.5

Time Estimate: 0 minutes
Time Logged: 0 minutes

-----------------------------------------------------------------------------------------

Issue Description
==================

Definitely worth looking at, but need to make sure it's not vendor centric.

Using the OATH standard should allow use of a range of OTP apps on different mobile platforms

-----------------------------------------------------------------------------------------

Activity
==========

-----------------------------------------------------------------------------------------
2013-12-07 00:16:17
-----------------------------------------------------------------------------------------
btasker added '1.15' to Version

-----------------------------------------------------------------------------------------
2013-12-07 00:16:17
-----------------------------------------------------------------------------------------
btasker added '1.5' to Fix Version

-----------------------------------------------------------------------------------------
2013-12-16 19:47:50 btasker
-----------------------------------------------------------------------------------------
YubiKey may be a good way forward -

http://www.yubico.com/develop/open-source-software/validation-server/
https://github.com/Yubico/php-yubico

-----------------------------------------------------------------------------------------
2014-10-25 13:48:54 btasker
-----------------------------------------------------------------------------------------
Given the near ubiquity of Yubikeys, it seems like a good integration to run with.

Although the exact implementation might vary, suspect a good (and relatively easy) way forward would be to have the system behave like the PAM module used for SSH.

The user's login process would therefore be

- Enter Username
- Enter password
- Without leaving the password field, short press on the yubikey

The back-end would then need to separate the password from the yubikey's input (though it'll have the yubikey's ID stored anyway) and place a request to the Yubico API server to validate the OTP

-----------------------------------------------------------------------------------------
2019-09-09 15:51:12 btasker
-----------------------------------------------------------------------------------------
Bulk Closing as Won't Fix. Credlocker is EOL so no further work will be done.

-----------------------------------------------------------------------------------------
2019-09-09 15:51:12
-----------------------------------------------------------------------------------------
btasker changed status from 'Open' to 'Closed'

-----------------------------------------------------------------------------------------
2019-09-09 15:51:12
-----------------------------------------------------------------------------------------
btasker added 'Won't Fix' to resolution
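
Added example, not PHPCredlocker code and not part of the original issue: a sketch of the back-end split described in the 2014-10-25 comment, taking the OTP off the end of the password field and checking its public ID against the one stored for the user before any request to the validation server. The function names, the stored-ID parameter and the 12 + 32 character OTP layout (the YubiKey default) are assumptions.

```php
<?php
// Added illustration; every name here is hypothetical.
// Assumption: default YubiKey layout, 12-char public ID + 32-char encrypted part.
const OTP_LEN = 44;
const PUBLIC_ID_LEN = 12;
const MODHEX = 'cbdefghijklnrtuv'; // the 16 characters a YubiKey types

// Split "password + OTP" into [password, otp, publicId], or null if malformed.
function splitPasswordAndOtp(string $field): ?array
{
    if (strlen($field) <= OTP_LEN) {
        return null; // nothing left over to be the password
    }
    $otp = strtolower(substr($field, -OTP_LEN)); // Caps Lock makes the key type uppercase
    if (!preg_match('/^[' . MODHEX . ']{' . OTP_LEN . '}$/', $otp)) {
        return null;
    }
    return [substr($field, 0, -OTP_LEN), $otp, substr($otp, 0, PUBLIC_ID_LEN)];
}

// Local checks before the network round trip. $storedPublicId is the ID
// enrolled for this user; $verifyPassword is the application's own check.
// Returns the OTP to send for remote validation, or null to reject the login.
function precheckLogin(string $field, string $storedPublicId, callable $verifyPassword): ?string
{
    $parts = splitPasswordAndOtp($field);
    if ($parts === null) {
        return null;
    }
    [$password, $otp, $publicId] = $parts;
    // Bind the token to the account: a valid OTP from another user's key must not pass.
    $idOk = hash_equals($storedPublicId, $publicId);
    $pwOk = (bool) $verifyPassword($password);
    return ($idOk && $pwOk) ? $otp : null;
}

// Constructed sample input: password "hunter2!" followed by a made-up OTP.
$sampleOtp = 'ccccccbcdefg' . str_repeat('hijklnrtuvcbdefg', 2);
$hash = password_hash('hunter2!', PASSWORD_DEFAULT);
$otp = precheckLogin('hunter2!' . $sampleOtp, 'ccccccbcdefg', fn($p) => password_verify($p, $hash));
var_dump($otp === $sampleOtp);
```

A non-null result only means the field was well formed and the key belongs to the account; the OTP itself still has to be validated by the Yubico API server, as the comment says.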