Open johnwason opened 7 years ago
I have no idea what it means to support it. If you think that could be provided as module please try to make one. Maybe the first step would be to support 2FA as implemented by ASP.NET Identity providers.
I can develop the module, however I am not sure how to deal with the two-step authentication. U2F and other MFA technologies use a two step login. During this two-step login, the username and password is verified, and then a challenge page is sent to receive the second factor, whether it is a code or a U2F signature. The current "ValidateUser" command in "MembershipService" can only handle the one step authentication that accepts username and password pairs. I am hesitant to develop a module supporting U2F without knowing if there are any plans to modify this design.
Maybe this could be based on @ThaerAlAjlouni 's OpenId module (in dev branch) that include the ASP.NET IDentity authentication providers. I know they support 2FA.
U2F seems to be a promising MFA technology that is gaining support. Are there any plans to add U2F support to Orchard logins?