Loading...
 

Multi-factor authentication

“Multi-factor authentication (also MFA, two-factor authentication, two-step verification, TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor (“something only the user knows”), a possession factor (“something only the user has”), and an inherence factor (“something only the user is”). After presentation, each factor must be validated by the other party for authentication to occur.” Source: http://en.wikipedia.org/wiki/Multi-factor_authentication

Multifactor Authentication: Its Time Has Come

Goal: add this to Tiki in the context of http://wikisuite.org/

Better to do in ClearOS, so it becomes available to Tiki and all the other apps (Kolab, VPN, Piwik, Openfire, Kimchi, Syncthing, etc.)
http://tracker.clearfoundation.com/view.php?id=1412 -> https://github.com/eglooca/app-two-factor-auth-extension


Pro

  • Implements TOTP

Con

  • Written in C



Pro

  • Implements HOTP

Con

  • Written in C++
  • Is a PAM module
  • Does not implement TOTP



Pro

Con

  • Written in Ruby or Python (Can’t tell for sure, since site is dead)
  • Project on github dead (according to link on OpenHub



Pro

  • Implements TOTP

Con

  • Written in Java


None of the above is a workable solution for Tiki due to programming language incompatibilities and most of them having totally different scopes.

Generic TOTP approach

This is not an issue of choosing a fancy library. This is an issue of choosing a properly working open protocol. The probably most widely used Two-Factor-Authentication is the Time-based One-Time Passwords Algorithm (TOTP) based on RFC 6238, which is also implemented by almost all of the above projects. There is a widely used token implementation in form of the Google Authenticator app for smartphones. Despite the name it is a fully open source application. There is also a non-Google branded app https://f-droid.org/packages/net.bierbaumer.otp_authenticator/(discontinued), maintained fork of the previous app: https://f-droid.org/en/packages/org.shadowice.flocke.andotp/.
What’s needed to make this work is some PHP code in Tiki and luckily there are libraries for this:


An additional advantage here is, that people can just continue using the same app on the phone as they did for all kinds of other high-profile sites before.

This is also how Joomla does it:

Alternative approach

Another option is using GPG-keys as the second factor. On login the user is presented with a GPG-encrypted message he has to decrypt and paste the resulting code back into Tiki to finish the login. The basics for GPG-encryption seem to be available in Tiki already, so this avenue should be considered as an alternative option to the more standard TOTP/Authenticator.

Future Options

In the long term it will probably become interesting to implement U2F (Universal 2nd Factor which uses specialised USB or NFC devices and does some other things to strengthen the authentication process.

alias

Contributors to this page: amette and Marc Laporte .
Page last modified on Sunday 12 November, 2017 11:40:46 UTC by amette.

Keywords

The following is a list of keywords that should serve as hubs for navigation within the Tiki development and should correspond to documentation keywords.

Each feature in Tiki has a wiki page which regroups all the bugs, requests for enhancements, etc. It is somewhat a form of wiki-based project management. You can also express your interest in a feature by adding it to your profile. You can also try out the Dynamic filter.

Accessibility (WAI & 508)
Accounting 7.x
Administration
Ajax 2.x
Articles & Submissions
Backlinks
Banner
Batch 6.x
BigBlueButton audio/video/chat/screensharing (5.x)
Blog
Bookmark
Browser Compatibility
Calendar
Category
Chat
Comment
Communication Center
Consistency
Contacts Address book
Contact us
Content template
Contribution 2.x
Cookie
Copyright
Credits 6.x
Custom Home (and Group Home Page)
Database MySQL - MyISAM
Database MySQL - InnoDB
Date and Time
Debugger Console
Directory (of hyperlinks)
Documentation link from Tiki to doc.tiki.org (Help System)
Docs 8.x
DogFood
Draw 7.x
Dynamic Content
Preferences
Dynamic Variable
External Authentication
FAQ
Featured links
Feeds (RSS)
File Gallery
Forum
Friendship Network (Community)
Group
Help
History
Hotword
HTML Page
i18n (Multilingual, l10n, Babelfish)
Image Gallery
Import-Export
Install
Integrator
Interoperability
Inter-User Messages
InterTiki
jQuery
Kaltura video management
Karma
Live Support
Logs (system & action)
Lost edit protection
Mail-in
Map
Menu
Meta Tag
Missing features
Visual Mapping 3.x
Mobile Tiki and Voice Tiki
Mods
Modules
MultiTiki
MyTiki
Newsletter
Notepad
OS independence (Non-Linux, Windows/IIS, Mac, BSD)
Organic Groups (Self-managed Teams)
Payment 5.x
Performance Speed / Load / Compression / Cache
Permission
Poll
Profiles
Quiz
Rating
Realname
Report
Revision Approval
Score
Search engine optimization (SEO)
Search
Security
Semantic links 3.x
Share
Shopping Cart 5.x
Shoutbox
Site Identity
Slideshow
Smarty Template
Social Networking
Spam protection (Anti-bot CATPCHA)
Spellcheck
Spreadsheet
Staging and Approval
Stats
Survey
Syntax Highlighter (Codemirror)
Tablesorter
Tags 2.x
Task
Tell a Friend, alert + Social Bookmarking
Terms and Conditions
Theme
TikiTests 2.x
Timesheet
Token Access
Toolbar (Quicktags)
Tours
Trackers
TRIM
User Administration
User Files
User Menu
Watch
WebHelp
Webmail and Groupmail
WebServices 3.x
Wiki 3D
Wiki History, page rename, etc
Wiki plugins extends basic syntax
Wiki syntax text area, parser, etc
Wiki structure (book and table of content)
Workspace and perspectives 4.x
WYSIWTSN 4.x
WYSIWYCA
WYSIWYG 2.x
XMLRPC




Useful Tools