History: Two-factor authentication
Source of version: 12
Copy to clipboard
^ See also: ((PluginTOTP)) ^
New in ((Tiki21)), it allows to enable Two-factor Authentication in order to massively increase the security of user accounts during their authentication. This avoids [https://duckduckgo.com/?va=l&t=hd&q=SIM+Swap+Attacks&ia=web|SIM Swap Attacks].
It use [https://packagist.org/packages/pragmarx/google2fa|pragmarx/google2fa], which is a PHP implementation of
* the HMAC-Based One-time Password (HOTP) algorithm specified in [https://tools.ietf.org/html/rfc4226|RFC 4226]
* and the Time-based One-time Password (TOTP) algorithm specified in [https://tools.ietf.org/html/rfc6238|RFC 6238].
TOTP is widely used, notably by
* Google Authenticator
* many options on [https://search.f-droid.org/?q=totp&lang=en|F-Droid]
* and you could even use another Tiki instance via [PluginTOTP].
With this feature, users combine their Username and Password to another authentication factor, an ephemeral secret code, when logging into Tiki, this third authentication factor (Secret Code) will be provided by the TOTP app (such as Google Authenticator).
{img src="display1701" link="display1701" width="700" rel="box[g]" imalign="center" alt="Two Factor Authentication Steps" desc="Click to expand" align="center" styleimage="border"}
!! Steps
__Step 1:__ First enable the “Allow users to use 2FA” option in the "Log In" feature in your Tiki, go to __Settings__ → __Control Panels__ → __Log In__ → __General Preferences__ tab “tiki-admin.php?page=login#contentadmin_login-1" (e.g ~np~http://www.example.com/tiki-admin.php?page=login#contentadmin_login-1~/np~) with “Preference Filters” to Avanced.
{img src="display1700" link="display1700" alt="Allow users to use 2FA" width="700" rel="box[g]" imalign="center" desc="Click to expand" align="center" styleimage="border"}
__Step 2:__ Second, install Google Authenticator® App on your mobile phone. [https://support.google.com/accounts/answer/1066447?co=GENIE.Platform%3DAndroid&hl=en|See] how to install it.
__Step 3:__ Thirdly check the “Enable two-factor authentication” option in the “User Preferences” page, the “Account Information” tab and click on “Save changes” button. Note that the current password is required to make changes.
At this step, you need to connect Tiki and the Google Authenticator® application by scanning the QR Code generated in the “User Preferences” page. Click on "Show QRCode" to display the QR Code, scan it using the application you installed in step 2.
{img src="display1698" link="display1698" width="700" rel="box[g]" imalign="center" alt="Tiki Enable two-factor authentication" desc="Click to expand" align="center" styleimage="border"}
__Step 4:__ Finally, when authenticating on page "Log In” (e.g. ~np~http://www.example.com/tiki-login_scr.php?twoFactorForm~/np~), take the code generated by Google Authenticator® App and enter it in the field “Two-factor Authenticator Code”.
{img src="display1702" link="display1702" width="500" alt="Tiki TWo Factor Authentication Login" rel="box[g]" imalign="center" desc="Click to expand" align="center" styleimage="border"}
!! Related links
* Original commit: [http://sourceforge.net/p/tikiwiki/code/70793]
-=Page aliases=-
* (alias(2FA))