-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace "Two Factor Authentication - Google Authenticator" with "oath-toolkit" code (more privacy and more security) #30195
Comments
To the best of my knowledge joomla does not use that library and the terminology of "google authenticator" is used to describe the type of authenticatication and it clearly states that But please check the code I could be wrong |
Then we should call it "FreeOTP Authenticator" and add a hint that it can also be used with GA. Just BTW: In the German plugin description "FreeOTP" is not mentioned. |
Should be interesting to know if "Two Factor Authentication - Google Authenticator" plugin uses or not google code. What code was used from developers for 2FA on "Joomla!" 3.x? And then the name (Google)! It can't really stand it! With all the tools/apps that allow you to create codes HOTP!! Davide |
@danjde the joomla code is open feel free to check it yourself and confirm what I already wrote |
This comment was marked as abuse.
This comment was marked as abuse.
This comment was marked as abuse.
This comment was marked as abuse.
This comment was marked as abuse.
This comment was marked as abuse.
this really should be closed as it is not an issue |
It was exactly the sloth that led Hitler to the government of Nazi Germany. Davide |
Hi Friends,
I've always wondered if there was any Google tracking code in "Two Factor Authentication - Google Authenticator" plugin.
So I'm I started looking at the libpam Google code from which it should draw and I've find this call stack:
where Google admits to have access to tocken:
printf("Warning: pasting the following URL into your browser exposes the OTP secret to Google:\n %s\n", encoderURL);
So I've write for more information to the google-authenticator-libpam developers , and open an issue (immediately archived), if you want to deepen..
Coming back to Joomla!, what do you think about "Two Factor Authentication - Google Authenticator" and Joomla! users privacy?
Why do not use code more respectful of privacy (but also of security) for Joomla!? And try to keep Google as much as possible out of our lives?
Many thanks!
Davide
The text was updated successfully, but these errors were encountered: