Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pared Down Core Proposal: Two Factor Authentication. #306

Draft
wants to merge 2 commits into
base: master
from

Conversation

@georgestephanis
Copy link
Collaborator

georgestephanis commented Nov 9, 2019

This pull request is to pare down the functionality in the Two Factor plugin, to a base amount that would make it more feasible for merge into WordPress Core.

With just the Email and potentially Backup Codes methods, there's far less configuration required, and as such less opportunity for users to mistakenly lock themselves out of their accounts.

All remaining methods -- TOTP, U2F, etc -- could be considered either at a later date, or left to the purview of plugins.

George Stephanis added 2 commits Nov 9, 2019
… initial core proposal, let's keep it simple to E-Mail and backup codes.
…b account to the WordPress organizational account.
@pwaring

This comment has been minimized.

Copy link

pwaring commented Nov 9, 2019

Would this mean the end of the plugin supporting U2F and TOTP, or would that functionality continue separately to core? I use this plugin on at least 10 sites, so if it’s going to cease working after a merge into core then I’d need to find an alternative.

@voldemortensen

This comment has been minimized.

Copy link
Collaborator

voldemortensen commented Nov 9, 2019

@kasparsd

This comment has been minimized.

Copy link
Collaborator

kasparsd commented Nov 11, 2019

@georgestephanis Great to know that there is renewed interest in getting this in core. Starting with just a minimum of features sounds like a great approach!

Considering that this plugin is currently active on 10k+ sites (including all VIP Go sites as a mu-plugin), I would strongly recommend that we create a new feature plugin for WP core to avoid breaking security for sites that rely on the current feature set of this plugin.

This would also allow us to improve the codebase -- get rid of singletons, re-organize the files to support providers into separate directories with their own CSS and JS, etc.

@georgestephanis

This comment has been minimized.

Copy link
Collaborator Author

georgestephanis commented Nov 11, 2019

Right! So to answer some concerns --

This PR is never intended to be merged into the main branch. Ever. It's just here so there's an easier-to-comment-on place for the merge branch.

My hope is that whatever functionality doesn't merge into Core (U2F, TOTP, ???) remains in the two-factor plugin, so folks who have the two-factor plugin will not see any loss of functionality. Kinda how the Gutenberg plugin kept adding new blocks after core functionality was merged to core.

My only concern about TOTP is that we'd need some sort of library to generate the QR Codes for folks to scan into Google Authenticator / Authy / 1Password / etc. I'd rather not continue to depend on Google hosted apis to generate the QR Code in core.

If we do include TOTP -- and I've had this discussion with @Ipstenu and others back at the community summit in Philly years ago -- we need to make email permanently defaulted on as a fallback, as otherwise there are going to be a lot of admins who use Google Authenticator without a backup method, put their phone through the laundry machine (or drop it in a toilet, lose it, etc) and then get locked out of their site because they don't know how to FTP, having only installed WordPress through a host's one-click install. If someone opts to disable email as a fallback, we need to make it very clear that they may be permanently locked out unless they can log into the server to fix it.

(as an ancillary note, that's why I've been advocating for @authy for years, having been locked out of some accounts the first time I lost a phone and the totp keys that I was using google authenticator on)

@Otto42

This comment has been minimized.

Copy link
Member

Otto42 commented Feb 13, 2020

Including TOTP is an absolute minimum for 2FA. It's simple, the code is public and open, and generating QR codes isn't that hard if we need to include it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

5 participants
You can’t perform that action at this time.