[TYPO3-dev] Improving login security in TYPO3 (BE+FE)
Kay Strobach
typo3 at kay-strobach.de
Wed May 16 13:10:29 CEST 2012
You may check out the prototype (QR code is currently added in login,
will be removed for production) ;)
http://forge.typo3.org/projects/extension-authenticator/repository
Regards
Kay
On 16.05.2012 13:04, Dave Sexton wrote:
> On Wed, 2012-05-16 at 12:28 +0200, Kay Strobach wrote:
>
>> so you have the second yubikey type I know now ;) - it's different from
>> what I know
>
> Although I've been dealing with different authenticators for a long
> time, I've only recently become aware of yubikey. I know it has a
> challenge-response option, but had assumed that the OTP functionality
> was there from day one, thanks for the info.
>
>
>> This works, as long as you do not hash the password client side ;)
>> E.g. with challenged or superchallenged setting install tool :)
>
> True, but it would work with rsa though. I personally prefer an auth
> service that has minimal impact on the UI unless it absolutely has to.
>
>> You do not need to contact Google at all ;) - Google just provides the
>> app and the algorithm - https://code.google.com/p/google-authenticator/
>
> Yeah, I wasn't being clear there, I used 'Google service' to
> differentiate between the internal TYPO3 service and the token
> authenticator. My auth secrets do not go anywhere near Google ;)
>
> Cheers,
>
> Dave
>
>
--
http://www.kay-strobach.de - Open Source Rocks
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org
Answer was useful - feel free to donate:
- https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=KPM9NAV73VDF2
- https://flattr.com/profile/kaystrobach