Open RichardTaylor opened 7 years ago
This was by design as we felt that needing a copy of the recovery keys for every login would be pretty annoying, and also insecure as you'd have to carry codes around. SMS works better for this as you only have a valid code on you for 30 seconds or so before you log in.
What's your thinking behind this?
I think using Google Authenticator would make most sense if we wanted to support this, but I don't know what the implication would be for Alaveteli installs in less developed countries.
I raised this ticket as a result of noting the current two-factor authentication system (which protects password resets) with new volunteers and others and observing it's not perhaps what might be expected when one says two-factor authentication is a feature the system has. So I thought I'd add a ticket for discussion of a broader implementation of some form of two-factor authentication.
I agree codes would be a hassle. Presumably an app or texts would be the way to go.
Ideally I think the system would offer the use of either Google Authenticator or a (flash) SMS... Given how widespread mobile phones are even in the Global South, I think the chances of someone who is an Alaveteli super user not having access to a mobile phone that can receive SMS is fairly low - it'd at least be a good fallback if Google Authenticator is not available to someone.
RE: SMS, it's more that there's an extra cost and complexity burden for partners in setting up a service to handle it.
Caution: two-factor authentication can impact accessibility, see thread
https://twitter.com/blaine/status/1465726248873648136
It should be OK as an opt-in option though, and for administrators.
https://github.com/mysociety/alaveteli/issues/4093#issuecomment-314043913
@RichardTaylor, you mention SMS and recovery secrets. You even mention rotating authentication keys. However, instead of Google or Authy's proprietary secrets protocol, have you considered the standardized TOTP specification?
It is commonplace, and operates offline.
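For reference, this is what the TOTP option mentioned above amounts to in plain Ruby (Alaveteli is a Rails app), using only the standard library. This is an added illustration, not Alaveteli code or a proposal for its implementation: the secret, issuer and account name are the RFC test values and made-up strings, the `TotpVerifier` class and its method names are this example's own, and the Base32 and `otpauth://` helpers are here because authenticator apps expect the shared secret in that form. It also shows the two checks a practitioner would want beyond the bare code comparison: a bounded clock-drift window and rejection of a code that has already been accepted.

```ruby
require 'openssl'
require 'erb'

# Added example (not Alaveteli code): RFC 4226 HOTP and RFC 6238 TOTP with
# HMAC-SHA1, 6 or 8 digits, 30-second steps, plus the Base32 encoding and
# otpauth:// provisioning URI that authenticator apps consume.

BASE32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.freeze

# Unpadded Base32 of raw secret bytes, the form shown to the user / app.
def base32_encode(bytes)
  bits = bytes.unpack1('B*')
  bits += '0' * ((5 - bits.size % 5) % 5)
  bits.scan(/.{5}/).map { |chunk| BASE32_ALPHABET[chunk.to_i(2)] }.join
end

def base32_decode(str)
  bits = str.upcase.delete('=').each_char.map { |c|
    idx = BASE32_ALPHABET.index(c) || raise(ArgumentError, "bad base32 char #{c}")
    idx.to_s(2).rjust(5, '0')
  }.join
  bits[0, bits.size - bits.size % 8].scan(/.{8}/).map { |b| b.to_i(2) }.pack('C*')
end

# Constant-time string equality so the comparison does not leak the
# position of the first differing digit.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# HOTP (RFC 4226): HMAC over the 8-byte big-endian counter, dynamic
# truncation of 31 bits, reduced modulo 10^digits and zero-padded.
def hotp(secret, counter, digits: 6, algorithm: 'SHA1')
  msg = [counter].pack('Q>')
  mac = OpenSSL::HMAC.digest(algorithm, secret, msg)
  offset = mac.getbyte(-1) & 0x0f
  code = mac.byteslice(offset, 4).unpack1('N') & 0x7fffffff
  (code % 10**digits).to_s.rjust(digits, '0')
end

# TOTP (RFC 6238): HOTP with counter = floor(unix_time / step).
def totp(secret, at: Time.now.to_i, step: 30, digits: 6)
  hotp(secret, at.to_i / step, digits: digits)
end

# Key URI format understood by Google Authenticator, FreeOTP, etc.
def provisioning_uri(secret, issuer:, account:, digits: 6, step: 30)
  label = ERB::Util.url_encode("#{issuer}:#{account}")
  "otpauth://totp/#{label}?secret=#{base32_encode(secret)}" \
    "&issuer=#{ERB::Util.url_encode(issuer)}&algorithm=SHA1&digits=#{digits}&period=#{step}"
end

# Server-side check. Accepts a code within +/- window steps of the server
# clock, and never accepts a step at or before the last one already used,
# so a code observed in transit cannot be replayed during its window.
class TotpVerifier
  attr_reader :last_counter

  def initialize(secret, step: 30, digits: 6, window: 1)
    @secret, @step, @digits, @window = secret, step, digits, window
    @last_counter = -1 # in a real app, persisted per user alongside the secret
  end

  def verify(candidate, at: Time.now.to_i)
    return false unless candidate.is_a?(String) && candidate.match?(/\A\d{#{@digits}}\z/)
    now = at.to_i / @step
    matched = (-@window..@window).map { |d| now + d }.find do |counter|
      counter > @last_counter && secure_equal?(hotp(@secret, counter, digits: @digits), candidate)
    end
    return false unless matched
    @last_counter = matched
    true
  end
end

if __FILE__ == $PROGRAM_NAME
  secret = '12345678901234567890' # RFC 4226 / RFC 6238 test secret
  puts provisioning_uri(secret, issuer: 'ExampleFOI', account: 'admin@example.org')
  puts totp(secret)
end
```

The expected values below are the published RFC 4226 (counters 0 and 1) and RFC 6238 (SHA1, 8 digits) test vectors, so a fresh implementation can be checked against them before being trusted with real secrets. Note that the replay guard needs `last_counter` stored per user, which is the one piece of server state TOTP requires beyond the secret itself.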
Currently there is an option of two factor authentication for administrators resetting passwords; but there isn't two-factor authentication for every login.
Related: Increase security of superuser accounts #2697