Support two factor authentication

Chocobozzz / PeerTube

ActivityPub-federated video streaming platform using P2P directly in your web browser

https://joinpeertube.org/

GNU Affero General Public License v3.0

13.07k stars 1.51k forks source link

Support two factor authentication #1146

Closed mkoppmann closed 2 years ago

mkoppmann commented 6 years ago

It would be great to have support for 2FA. Preferably TOTP and U2F.

Maybe I will have some time to implement this feature.

mkoppmann commented 6 years ago

What would be a good starting point for implementing this? Should this be implemented as a middleware?

In the first run TOTP should work together with some fallback recovery codes. Also a function for admins to remove 2FA for specific users if they can prove somehow, that they lost access to their token generator and recovery codes.

Later U2F support can be added.

andyrtr commented 4 years ago

There should be TOTP, U2F and WebAuthn support available over all fediverse network. Every project has similar open issues while some already have TOTP two factor authentication implemented.

test2a commented 4 years ago

@Githubuxer i am not sure 2fa protects against credential leaks, although it is useful incase you are locked out of your account due to you forgetting the password, someone doing man in the middle attack and in those cases, you have something physical to authenticate yourself with

kimsible commented 3 years ago

Is there any work to implement this ? It would be a very nice feature, especially to secure admins or moderators accounts.

OddHouseGames commented 2 years ago

Looking forward to the implementation of this functionality. It's one of my only digital accounts that lacks any kind of 2FA.

dwbit commented 2 years ago

Hey there! Is this one being considered as an upcoming roadmap item? It is one of the only services that I use, that isn't protected by an additional layer of security.

rriemann commented 2 years ago

For uses cases in larger organisations, access management to have multiple users managing one channel/account is importantant and also single sign on. If then single sign on has two-factor authentication, this would also do the trick.

Chocobozzz commented 2 years ago

Implemented OTP in https://github.com/Chocobozzz/PeerTube/commit/56f47830758ff8e92abcfcc5f35d474ab12fe215 https://github.com/Chocobozzz/PeerTube/commit/d12b40fb96d56786a96c06a621f3d8e0a0d24f4a https://github.com/Chocobozzz/PeerTube/commit/2166c058f34dff6f91566930d12448805d829de7 https://github.com/Chocobozzz/PeerTube/commit/a69ea13086273fc6659c153be93f0f5b37aad733 https://github.com/Chocobozzz/PeerTube/commit/a3e5f804ad821f6979e8735b0569b1209986fedc

DiamantTh commented 4 weeks ago

Hi there,

I know they say it's done when it's done.

What is the current status of Fido2/WebAuthN?

Greetings go out.