ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001412ClearOSapp-base - Base Systempublic2013-10-30 17:492018-11-20 11:52
Reporteruser2 
Assigned Tobchambers 
PrioritynormalSeverityfeatureReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Summary0001412: Add multi-factor authentication (MFA)
DescriptionScope to be determined.
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0001231)
marclaporte (manager)
2014-07-13 10:22

Please see:

http://www.dynalogin.org/ [^]
https://www.youtube.com/watch?v=tWZgQvWy22A [^]
https://www.ohloh.net/p/dynalogin [^]
(0001232)
marclaporte (manager)
2014-07-13 16:47
edited on: 2014-07-13 16:47

Joomla! add 2FA in version 3.2

http://www.youtube.com/watch?v=NbG6eehASW8 [^]
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31704&start=0 [^]

(0001249)
marclaporte (manager)
2014-07-26 08:58

In ClearOS, users can update their passwords:
http://www.clearcenter.com/support/documentation/user_guide/user_profile [^]
This should trigger multi-factor authentication (MFA).

Also, there should be a way for apps to trigger this. For example, in Tiki, a user updates the payment gateway information for the shopping cart. Each app would determine a list of critical actions which trigger MFA.

Thanks!
(0001286)
marclaporte (manager)
2014-08-26 19:55

Useful for high importance actions such as changing a password.

Related:

Provide setting to disallow users from changing passwords
http://tracker.clearfoundation.com/view.php?id=1931 [^]
(0001293)
marclaporte (manager)
2014-09-07 22:09

When considering scope, let's also look into one-time passwords (OTP) and alternatives like:
https://www.grc.com/sqrl/sqrl.htm [^]
https://www.grc.com/offthegrid.htm [^]
(0001340)
marclaporte (manager)
2015-01-20 23:38

https://secure.clearcenter.com/ [^] could benefit from enhanced security.

Linode has this: "When Account Security is enabled, you can only log in from an IP address on your whitelist. When someone attempts to log in with your username from an IP that is not on your whitelist an email alert is sent to you. The email contains a link that allows you to add that IP address to your whitelist. Subsequent successful logins from that IP will not generate an alert."

Another option: A short code sent to the cell phone associated to the account
(0001395)
marclaporte (manager)
2015-03-17 11:20

A great site showing that MFA is becoming the standard: https://twofactorauth.org/ [^]
(0008671)
user2
2018-11-20 11:52

Just tracker cleanup.

- Issue History
Date Modified Username Field Change
2013-10-30 17:49 user2 New Issue
2013-10-31 10:21 user2 Status new => confirmed
2014-07-13 10:22 marclaporte Note Added: 0001231
2014-07-13 16:47 marclaporte Note Added: 0001232
2014-07-13 16:47 marclaporte Note Edited: 0001232 View Revisions
2014-07-26 08:58 marclaporte Note Added: 0001249
2014-08-26 19:55 marclaporte Note Added: 0001286
2014-09-07 21:49 marclaporte Summary Add two-factor authentication => Add multi-factor authentication (MFA)
2014-09-07 22:09 marclaporte Note Added: 0001293
2015-01-20 23:38 marclaporte Note Added: 0001340
2015-03-17 11:20 marclaporte Note Added: 0001395
2015-04-20 11:37 marclaporte Relationship added related to 0001831
2018-11-20 11:52 user2 Assigned To => bchambers
2018-11-20 11:52 user2 Status confirmed => assigned
2018-11-20 11:52 user2 Note Added: 0008671
2018-11-20 11:52 user2 Status assigned => resolved
2018-11-20 11:52 user2 Resolution open => fixed
2018-11-20 11:52 user2 Status resolved => closed