joomla / joomla-cms

Home of the Joomla! Content Management System
https://www.joomla.org
GNU General Public License v2.0

2FA - Joomla Secret Key - An industry standard ? #27580

Closed paoprod closed 2 years ago

paoprod commented 4 years ago

Steps to reproduce the issue

1. Activate 2FA authentication on backend
2. Save
3. Disconnect
4. Try to log in (on backend or frontend) using a password manager (i.e. 1Password or LastPass)

Expected result

The password manager recognizes and fills the 3 fields

Actual result

Password manager only recognizes the "User" and "Password" fields. It does not recognize the "secret key" field.

System information (as much as possible)

Joomla 3.9.14, PHP 7, 1Password 7.3.2

Additional comments

I had a discussion with the 1Password team to solve this issue on their side, but I had an answer saying it is on the Joomla dev side to fix this. It seems that the HTML name "secretkey" is not an industry standard. See the topic here for those who are interested: https://discussions.agilebits.com/discussion/comment/541779. Proposition from the 1Password team: "Simply changing the HTML name to "OTP" or "two_factor"". I have not yet tested with LastPass i.e.

alikon commented 4 years ago

although I'd see it as a relative edge case tbh for that field

paoprod commented 4 years ago

@richard67 Maybe it means it could be possible from version 4?

richard67 commented 4 years ago

J4 for sure .. but let's see how discussion ends .. maybe it can be done for J3. I am not the one to decide, I only wanted things not to be forgotten.

paoprod commented 4 years ago

Hi all... Sorry for that "newbie" question, but what does the GSoC label stand for?

richard67 commented 4 years ago

@paoprod Google Summer of Code.

Quy commented 4 years ago

@paoprod Please retest PR #27967. Thanks.

joomla-cms-bot commented 4 years ago

Set to "closed" on behalf of @Quy by The JTracker Application at issues.joomla.org/joomla-cms/27580

wilsonge commented 4 years ago

Reopening so @alikon (or someone else) can make the id change to the 3.10 branch

brianteeman commented 3 years ago

@alikon reminder

brianteeman commented 2 years ago

Thank you for raising this issue.

Joomla 3 is now in security only mode with no further bug fixes or new features.

As this issue doesn't relate to Joomla 4 it will now be closed.

If we are mistaken and this does apply to Joomla 4 please open a new issue (and reference this one if you wish) with updated details for testing in Joomla 4. cc @zero-24