Add 2FA (two factor authentication) #10

Open
adriaandotcom opened this issue Nov 11, 2019 · 10 comments
Labels
customer request Tasks created by customers via our website

Comments

@adriaandotcom
Contributor

adriaandotcom commented Nov 11, 2019

Add 2FA so people can log in with an additional check.

Thanks to @mahnouel

@adriaandotcom adriaandotcom added the customer request Tasks created by customers via our website label Nov 13, 2019
@RihanArfan

Along with conventional TOTP, you could support WebAuthn in order to support Windows Hello, U2F hardware keys such as YubiKey, etc.

@adriaandotcom
Contributor Author

Great suggestion, let's add that as well.

@khrome83

Authy is a nice integration for soft tokens. Not sure of the cost or how much it ties you to Authy.

@adriaandotcom
Contributor Author

Thanks @khrome83, could you explain how Authy is different from using Google Authenticator? You can use them both in the same manner, right?

@khrome83

A few things.

  1. They have an integration directly with a provider. So SendGrid uses them, and it's a 7-digit code. The setup is also different because of that.

  2. They ask for a master password. And they persist across devices. If you use Google Auth, the recovery gets harder if someone loses their phone. With Authy the user just sets up the account on the new phone.

Also... google..

@RihanArfan

RihanArfan commented Mar 30, 2020

> Also... google..

Google Authenticator is fully offline.

Authy is easily vulnerable to SIM swapping attacks if you sync it with a phone number; however, if you just use it offline, it's pretty much the same as Google Authenticator.

I used to use Authy because some sites like Cloudflare forced you to use them if you wanted 2FA and after a while, I absolutely hated it and would not recommend forcing people to use it.

@khrome83

khrome83 commented Mar 30, 2020 via email

@RihanArfan

@khrome83 Google Auth has recently gotten a pretty big update which lets you import from other devices.

@khrome83

khrome83 commented Jun 1, 2020 via email

@adriaandotcom
Contributor Author

adriaandotcom commented Dec 19, 2022

Note to self: Guide to implement hardware keys: https://webauthn.guide/

See #668 for duplicate issue.
