Skip to content

Administrative changes should be confirmed by an 2FA token instead of a password by default #7288

New issue
New issue
Open
Enhancement
Open
Administrative changes should be confirmed by an 2FA token instead of a password by default#7288
Enhancement
Labels
1. to developAccepted and waiting to be taken care ofenhancementfeature: authenticationsecurity
@j-ed

Description

@j-ed
j-ed
opened on Nov 25, 2017

Expected behavior

If the twofactor_u2f app has been installed and an external U2F key has been registered all password confirmation dialogs should be replaced by an U2F key confirmation.

Current behavior

If you're going to change a personal setting, a confirmation is usually be requested. Although the twofactor_u2f app has been installed and an external U2F key has been registered, the login password need to be entered manually instead of requesting a confirmation via the available U2F key.

Steps to reproduce

  1. Open the personal settings.
  2. Change e.g. the language setting.
  3. The login password need to be entered to confirm the change.

Environment

Server Configuration

OS: Linux 3.16.47
Web server: Apache2 2.4.29
Database: MariaDB 10.0.32
PHP version: 5.6.29
Nextcloud version: 12.0.3

Client Configuration

Browser: Mozilla Firefox 57.0
Operating system: Windows 7

Metadata

Metadata

Assignees

No one assigned

    Labels

    1. to developAccepted and waiting to be taken care ofenhancementfeature: authenticationsecurity

    Type

    Enhancement

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions