Two-Factor Authentication for SMF using TOTP protocol #2547
This PR adds support for 2FA for SMF using the TOTP protocol, allowing users to register a secondary layer of authentication via a device with an app such as Google Authenticator, Authy, Duo Mobile, etc.
This implementation is based on the RFC 6238 Time-Based One-Time Password protocol. The user can register a secondary 2FA device via their Account Settings profile area, allowing them to add a layer of security upon logging in. This setup provides them a backup code as well; should they lose the device, they can use this (it is recommended to store this backup code in a secure place and use it only in an emergency).
Internally, the authentication is stored in a cookie generated with the data sha512(tfa_backup + password_salt); this is checked in loadUserSettings, and the user is logged out if it fails and is forwarded to the 2FA login screen.
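For reference, a server-side RFC 6238 check of the kind the description above refers to, written as an added example that is not taken from this PR or from SMF. The function names `hotp` and `totp_verify`, the one-step tolerance window and the last-accepted-step replay guard are assumptions of this sketch; the secret is the ASCII key from the RFC 6238 test vectors.

```php
<?php
// Added example, not SMF's code. hotp() and totp_verify() are hypothetical names.

// RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(string $secret, int $counter, int $digits = 6): string
{
    $hmac = hash_hmac('sha1', pack('J', $counter), $secret, true);
    $offset = ord($hmac[19]) & 0x0f;               // low nibble of the last byte
    $bin = unpack('N', substr($hmac, $offset, 4))[1] & 0x7fffffff;
    return str_pad((string) ($bin % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// RFC 6238 check: accept codes within $window time steps of $now, compare in
// constant time, and refuse any step at or before the last accepted one so a
// captured code cannot be replayed. Returns the matched step (to be stored as
// the new $lastStep) or null on failure.
function totp_verify(string $secret, string $code, int $now, int $lastStep = -1,
                     int $window = 1, int $period = 30, int $digits = 6): ?int
{
    if (!preg_match('/^\d{' . $digits . '}$/', $code)) {
        return null;                               // reject malformed input early
    }
    $current = intdiv($now, $period);
    $matched = null;
    for ($step = max(0, $current - $window); $step <= $current + $window; $step++) {
        // No early exit: every candidate step is compared.
        if ($step > $lastStep && hash_equals(hotp($secret, $step, $digits), $code)) {
            $matched = $step;
        }
    }
    return $matched;
}

// Constructed sample input: the ASCII secret from the RFC 6238 test vectors.
// '287082' is the low six digits of the RFC's SHA-1 value for T = 59 seconds.
$secret = '12345678901234567890';
var_dump(totp_verify($secret, '287082', 59));      // fresh code inside the window
var_dump(totp_verify($secret, '287082', 59, 1));   // same code after step 1 was accepted
var_dump(totp_verify($secret, '287082', 200));     // same code well outside the window
```

Authenticator apps present the shared secret as Base32, so a real deployment decodes it to raw bytes before calling `hotp`.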