Closed elicoidal closed 6 years ago
@lasley @pedrobaeza @Yajo @moylop260 @dreispt @gurneyalex @sbidoul
Thanks @lasley. That is very similar indeed: the password authentication method is different. Not sure we can inherit this module to achieve the desired procedure during the second step.
I wouldn't recommend to develop such an addon. `auth_totp` is quite awesome and easy to use, and works with an industry standard with many client apps. Besides, it lets users choose their security level. Fair enough, isn't it?
Maybe a good extension would be to not let users choose, but enforce a given policy from the system, but it feels quite good right now as it is.
@yajo I will test the module and see if it can fulfill my requirements. Nevertheless, my proposal is to have another method which can be complementary to the current one. (as said, I will test and come back to you)
@elicoidal - I honestly have not heard of the process you are describing. Are you sure that the QR code isn't being scanned into the phone app for registering MFA devices?
We're looking at adding in the ability for push MFA, such as that which exists in LastPass Authenticator, but the process is nearly identical to TOTP. The only difference is that when the page asking for the MFA token appears, a push notification is sent to the device which then allows an unlock without the user entering the code.
@yajo @lasley tests are fine: this is indeed a great module. Having a company policy to force the users to use TFA by default is a must.
closing on my side
Worth noting: on our end we’re planning on leveraging this core to also allow MFA via email and possibly text messages. The latter I’m torn on though, because SMS is horribly insecure (worse so than email).
Hi, It is quite frequent in China to have TFA performed via mobile (mostly Wechat, Alibaba or QQ) with the following procedure:
I wonder whether there is interest to achieve this in Odoo. It would require:
This is a usually accepted simple TFA process. More complex ones could be implemented via SMS but it might imply complexity in certain countries. I can help on the Android developments as I have some resources available but I would probably need help on the Odoo part (currently fully booked and not sure to have the right guy).
Any thoughts?