[TYPO3-dev] Improving login security in TYPO3 (BE+FE)
Kay Strobach
typo3 at kay-strobach.de
Wed May 16 13:06:28 CEST 2012
Hello Jigal,
On 16.05.2012 12:56, Jigal van Hemert wrote:
> Hi,
>
> On 16-5-2012 11:44, Kay Strobach wrote:
>> This way the user will be asked for his normal password and an
>> additional one-time token, which can be generated with nearly every
>> smartphone on the market (iOS, Android, Windows Phone)
>
> Hmm... it seems to depend on two things which can be problematic:
> - an accurate time on the server
-> can be skipped if you don't use time-based but counted tokens.
-> anyway time should be accurate ;) and they can differ by 2 minutes
without any problem ;)
> - a smartphone (or the server needs a text message / voice service)
It's also possible to send the one-time token via mail ;), the
message/voice service is just the fallback.
But you're right, you need a device that shows you the token.
>
> Fine for an extension, but I don't think it will be something to have in
> the core.
I just wanted to start it as an extension ;). If the core team likes it, it
can surely be added to the core ;)
Regards
Kay
--
http://www.kay-strobach.de - Open Source Rocks
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org
Answer was useful - feel free to donate:
- https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=KPM9NAV73VDF2
- https://flattr.com/profile/kaystrobach
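
Added example, not part of the original message or of any TYPO3 extension: a sketch of the two token types discussed above, a time-based check that tolerates the 2 minutes of clock difference mentioned and a counter-based check that needs no clock. The 30-second step, the look-ahead of 5 and all function names are assumptions; the secret is the public RFC 4226 test value.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(secret, token, now, last_step=-1, step=30, drift=120):
    """Time-based check (RFC 6238) tolerating +/- `drift` seconds of skew.

    Returns the matched time step, or None. `last_step` is the step already
    accepted for this user; the caller stores the return value so a token
    cannot be replayed inside the tolerance window.
    """
    current = int(now) // step
    window = drift // step
    for candidate in range(max(0, current - window), current + window + 1):
        if candidate <= last_step:
            continue  # already used or older than the last accepted token
        if hmac.compare_digest(hotp(secret, candidate), token):
            return candidate
    return None

def verify_hotp(secret, token, counter, look_ahead=5):
    """Counter-based check: no clock involved, but the server has to accept
    a device counter that ran ahead (codes generated but never submitted).

    Returns the next counter value to store, or None.
    """
    for candidate in range(counter, counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, candidate), token):
            return candidate + 1
    return None

# Constructed sample input: the RFC 4226 test secret, not a real credential.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    # Device clock 100 s behind the server: still accepted with drift=120.
    print(verify_totp(SECRET, hotp(SECRET, 1), now=59 + 100))
    # Device counter three presses ahead of the server's stored counter.
    print(verify_hotp(SECRET, hotp(SECRET, 3), counter=0))
```

A wider drift or look-ahead window accepts more candidate codes per attempt, so it should be paired with a limit on failed logins.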