[TYPO3-dev] Improving login security in TYPO3 (BE+FE)
Dave Sexton
list-typo3 at jack.org.uk
Wed May 16 13:04:54 CEST 2012
On Wed, 2012-05-16 at 12:28 +0200, Kay Strobach wrote:
> So you have the second YubiKey type I know now ;) - it's different from
> what I know
Although I've been dealing with different authenticators for a long
time, I've only recently become aware of YubiKey. I know it has a
challenge-response option, but had assumed that the OTP functionality
was there from day one. Thanks for the info.
> This works, as long as you do not hash the password client side ;)
> E.g. with challenged or superchallenged setting install tool :)
True, but it would work with rsa though. I personally prefer an auth
service that has minimal impact on the UI unless it absolutely has to.
> You do not need to contact Google at all ;) - Google just provides the
> app and the algorithm - https://code.google.com/p/google-authenticator/
Yeah, I wasn't being clear there; I used 'Google service' to
differentiate between the internal TYPO3 service and the token
authenticator. My auth secrets do not go anywhere near Google ;)
Cheers,
Dave