datastorm-open / shinymanager

Simple and secure authentication mechanism for single shiny applications.
https://datastorm-open.github.io/shinymanager/

Enhancement: Add two factor authentication option #145

Open CurtisPetersen opened 1 year ago

CurtisPetersen commented 1 year ago

I believe that this could be done with a number input after the password for a time-based one-time password (TOTP). Validating the credentials and the TOTP could be done by checking against the Google Authenticator App API outlined here: https://rapidapi.com/chdan/api/google-authenticator/tutorials/easy-two-factor-authentication-(2fa)-with-google-authenticator

In the log-in UI there would also have to be a link to the QR code URL for the user to set up the TOTP.

As an increasing number of organizations are requiring 2-FA, this can help data scientists trying to share their work to continue to be compliant with up-to-date security protocols.
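The TOTP step proposed in the comment above, as an added example that is not part of the thread and is not shinymanager code: a standard-library Python sketch of the server-side check (RFC 6238 over RFC 4226) and of the `otpauth://` URI an enrolment QR code would carry. All function names, the issuer/account values and the replay-tracking parameter `last_counter` are assumptions made for illustration; the sample secret is the RFC 6238 test key.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote, urlencode

STEP, DIGITS = 30, 6  # 30-second steps, 6-digit codes (common authenticator defaults)
# Constructed sample input: the RFC 6238 SHA-1 test key, base32-encoded.
RFC_TEST_SECRET = base64.b32encode(b"12345678901234567890").decode()

def new_secret() -> str:
    """Generate a per-user shared secret (160 bits), base32 for authenticator apps."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def provisioning_uri(secret_b32: str, account: str, issuer: str) -> str:
    """Build the otpauth:// URI that the enrolment QR code encodes."""
    query = urlencode({"secret": secret_b32, "issuer": issuer,
                       "digits": DIGITS, "period": STEP})
    return f"otpauth://totp/{quote(issuer + ':' + account)}?{query}"

def hotp(key: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def verify_totp(secret_b32, submitted, last_counter=-1, now=None, window=1):
    """Return the matched time-step counter, or None if the code is rejected.

    The caller stores the returned counter per user and passes it back as
    last_counter, so an observed code cannot be replayed while still valid.
    window=1 tolerates one step of clock drift in either direction.
    """
    key = base64.b32decode(secret_b32.upper())
    current = int(time.time() if now is None else now) // STEP
    candidate = submitted.strip().encode()
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        # Constant-time comparison; every step is checked, with no early exit.
        same = hmac.compare_digest(hotp(key, counter).encode(), candidate)
        if same and counter > last_counter:
            matched = counter
    return matched
```

The check should run only after the password has been verified, with failed attempts rate-limited per account, since a 6-digit code has only 10^6 possible values.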

sciordia commented 1 year ago

Another 2-FA option would be to use, for example, the Pushover notification system. Once the credentials are confirmed, a text field could appear where you could enter the code sent by Pushover to your mobile or desktop app. I think the implementation would be relatively simple and the result would be very professional. The Google Authenticator option is also good.

Do you think that one of the two options (or even both) could be incorporated into Shinymanager? Security issues are very important in our developments and companies are demanding more and more security; only the confirmation of credentials is insufficient.

sciordia commented 4 months ago

I would like to appeal to the developers of the package. We have been waiting for quite some time for a 2-factor identification system to be included but you have not commented on it.

Are you planning to include a 2-FA system in the near future, please?

I think that nowadays almost any access control and identification system should have 2-FA. Could you consider it, please?

bthieurmel commented 2 months ago

Hi. Of course a very good point / idea, but unfortunately we don't have enough time at the moment for (free) shinymanager enhancements... :-(