Project

General

Profile

Actions

Task #7089

closed

[dynamicweb] Implement 2FA in dynamicweb with ungleich-otp

Added by Mondi Ravi about 5 years ago. Updated 11 months ago.

Status:
Rejected
Priority:
Normal
Assignee:
Target version:
-
Start date:
08/26/2019
Due date:
% Done:

0%

Estimated time:
PM Check date:

Description

Here's Nico's idea to do it:

I was wondering

If we can write some javascript code

that stores the seed in the browser

actually...

the code is not that long

So we could even ask the user to save it

and while it is not perfectly secure, we could do the following:

user creates an account -> gets the seed displayed -> we save it in the browser

the user is also asked to save it as 2FA

when the user tries to login, we run some client side code

that generates the token from the seed

and only submits the token back to us

Actions

Also available in: Atom PDF