History: PluginTOTP
Preview of version: 20
New in Tiki22
What is Time-Based One-Time Password?
A time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors. Time-based one-time passwords are commonly used for two-factor authentication and have seen growing adoption by cloud application providers. In two-factor authentication scenarios, a user must enter a traditional, static password as well as a time-based one-time password to gain access to digital information or a computing system. Typically, the temporary passcode expires after 30, 60, 120 or 240 seconds.
TOTP (Time-based One-time Password algorithm) is a different use case than Two-factor authentication, which protects a Tiki instance.
This permits to manage the key (instead of putting on a smartphone) to connect to another site (which may or many not be a Tiki)
Using PluginTOTP in Tiki!
Let's suppose I am trying to connect to my Admin Dashboard, I begin by entering my username and password. Then I’m prompted for the TOTP, which I read off of the token and type into the third login field. Once I’ve done so, I’m logged in.
Step 1 : Activate pluginTOTP
Go to Control Pannel, search TOTP, check the PluginTOTP preferences and Click Apply to save changes.
Step 2 : Configure pluginTOTP
{totp secret="YOUR SECRET TOTP CODE" interval="INTERVAL IN SECONDS" issuer="YOUR ISSUER PAGE"}
If you want to use advanced options of the pluginTOTP, click at the Help button (at right corner of your wiki-page editor), search TOTP in PluginHelp tab.
You should now see something like this!
Step 3 : Authenticate
Finally, when authenticating on page "Log In” (e.g. http://www.example.com/tiki-login_scr.php?totpForm), take the code generated by Google Authenticator® App and enter it in the totpCode Field you recently created.
Code:
https://gitlab.com/tikiwiki/tiki/-/blob/master/lib/wiki-plugins/wikiplugin_totp.php