[TYPO3-dev] Improving login security in TYPO3 (BE+FE)

Kay Strobach typo3 at kay-strobach.de
Wed May 16 11:44:39 CEST 2012


On 16.05.2012 11:06, Jigal van Hemert wrote:
> Hi,
> 
> On 15-5-2012 16:59, Kay Strobach wrote:
>> perhaps you know google authenticator (a software token generator).
> 
> Can you give a summary for those who are not familiar with it? If you
> explain the idea you might get more response.
> 

Hello Jigal,

For sure.

Basically it's about two-factor authentication:

(JS Example, for security reasons not for production use):

	http://jsfiddle.net/russau/uRCTk/

This way the user will be asked for his normal password and an
additional one-time token, which can be generated with nearly every
smartphone on the market (iOS, Android, Windows Phone).

To achieve that my prototype hooks into

$TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['postUserLookUp'][]

and locks the backend until the one-time token is inserted correctly.

Regards
Kay

-- 
http://www.kay-strobach.de - Open Source Rocks

TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

Answer was useful - feel free to donate:
  -
https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=KPM9NAV73VDF2
  - https://flattr.com/profile/kaystrobach
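
The one-time token check that a hook like this would perform, as an added example that is not part of the original message or of Kay's prototype: an RFC 6238 verification with the parameters Google Authenticator uses by default, plus a replay guard. The function names, the PHP 7.1+ syntax and the sample secret (the RFC 6238 test key) are assumptions; wiring into the `postUserLookUp` hook is not shown because the prototype's code is not on the page.

```php
<?php
// Added example: RFC 6238 TOTP check (HMAC-SHA1, 30 s step, 6 digits); names are hypothetical.
const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

// Decode the RFC 4648 base32 form of the shared secret.
function base32Decode(string $b32): string
{
    $b32 = strtoupper(rtrim($b32, '='));
    if ($b32 === '' || strspn($b32, B32) !== strlen($b32)) {
        throw new InvalidArgumentException('invalid base32 secret');
    }
    $bits = '';
    foreach (str_split($b32) as $ch) {
        $bits .= str_pad(decbin(strpos(B32, $ch)), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        $out .= strlen($byte) === 8 ? chr(bindec($byte)) : ''; // drop partial byte
    }
    return $out;
}

// HOTP (RFC 4226): dynamic truncation of HMAC-SHA1 over the 8-byte counter.
function hotp(string $key, int $counter): string
{
    $hash = hash_hmac('sha1', pack('N2', $counter >> 32, $counter & 0xFFFFFFFF), $key, true);
    $offset = ord($hash[19]) & 0x0F;
    $code = (unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF) % 1000000;
    return str_pad((string) $code, 6, '0', STR_PAD_LEFT);
}

// Returns the accepted time step, or null. $lastStep is the step of the last token
// accepted for this user (replay guard); hash_equals compares in constant time.
function verifyTotp(string $secret, string $token, int $lastStep, int $now, int $window = 1): ?int
{
    if (!preg_match('/\A\d{6}\z/', $token)) {
        return null;
    }
    $key = base32Decode($secret);
    $accepted = null;
    for ($step = intdiv($now, 30) - $window; $step <= intdiv($now, 30) + $window; $step++) {
        if ($step > $lastStep && hash_equals(hotp($key, $step), $token)) {
            $accepted = $step;
        }
    }
    return $accepted;
}

$secret = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'; // constructed: RFC 6238 test key, not a real secret
var_dump(verifyTotp($secret, '287082', 0, 59)); // first use of the token at t = 59 s
var_dump(verifyTotp($secret, '287082', 1, 59)); // same token presented again after step 1 was accepted
```

Persist the returned step per user and pass it back as `$lastStep` so a token cannot be reused inside its validity window. Failed attempts should also be rate-limited, since a 6-digit code has only 10^6 possible values.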



