PHPCRED-9: Two Factor Authentication

Issue Information

Issue Type: New Feature
Priority: Major
Status: Open

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: PHPCredlocker (PHPCRED)
Resolution: Unresolved
Affects Version: 1.15
Target version: 1.5
Components: Authentication

Created: 2013-12-07 00:10:41

Definitely worth looking at, but need to make sure it's not vendor-centric. Using the OATH standard should allow use of a range of OTP apps on different mobile platforms.

btasker added '1.15' to Version
btasker added '1.5' to Fix Version

Given the near ubiquity of Yubikeys, it seems like a good integration to run with.

Although the exact implementation might vary, suspect a good (and relatively easy) way forward would be to have the system behave like the PAM module used for SSH.

The user's login process would therefore be

- Enter Username
- Enter password
- Without leaving the password field, short press on the yubikey

The back-end would then need to separate the password from the yubikey's input (though it'll have the yubikey's ID stored anyway) and place a request to the Yubico API server to validate the OTP.
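
A sketch of the back-end split described above, added here as an example and not taken from PHPCredlocker: function names are hypothetical, and it assumes the default Yubico OTP layout (44 modhex characters, the first 12 being the key's public ID). The request to the validation server is left as a callable supplied by the caller.

```php
<?php
// Added example; function and variable names are hypothetical, not PHPCredlocker's.

const YUBI_OTP_LEN = 44; // assumed default layout: 12-char public ID + 32-char token
const YUBI_ID_LEN  = 12;

/**
 * Split "password + OTP" as typed into a single field.
 * Returns [password, otp, publicId], or null if the tail is not a well-formed OTP.
 */
function split_password_otp(string $field): ?array
{
    if (strlen($field) <= YUBI_OTP_LEN) {
        return null; // nothing ahead of the OTP, so no password was entered
    }
    $otp = strtolower(substr($field, -YUBI_OTP_LEN));
    // Modhex alphabet only; anything else means no key press or a truncated one
    if (!preg_match('/^[cbdefghijklnrtuv]{44}$/', $otp)) {
        return null;
    }
    $password = substr($field, 0, -YUBI_OTP_LEN);
    return [$password, $otp, substr($otp, 0, YUBI_ID_LEN)];
}

/**
 * $storedId:  key ID enrolled for this user.
 * $verifyOtp: callable(string $otp): bool wrapping the validation-server
 *             request (assumed to exist; not implemented here).
 * Returns the password portion for the normal password check, or null.
 */
function check_second_factor(string $field, string $storedId, callable $verifyOtp): ?string
{
    $parts = split_password_otp($field);
    if ($parts === null) {
        return null;
    }
    [$password, $otp, $publicId] = $parts;
    // Refuse OTPs from a key not enrolled for this account before any network call
    if (!hash_equals(strtolower($storedId), $publicId)) {
        return null;
    }
    return $verifyOtp($otp) ? $password : null; // password still needs its own check
}

// Constructed sample input: not a real OTP; the validator is stubbed to accept
$field = 'correct horse' . 'ccccccbchvth' . str_repeat('cbdefghijklnrtuv', 2);
var_dump(check_second_factor($field, 'ccccccbchvth', fn(string $otp): bool => true));
```

Because the OTP length is fixed, the split is done from the end of the field, so a password that happens to end in modhex characters is not misparsed.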