Add a two step factor optional by email for the 2FAuth #297
Comments
Closing; WebAuthn is available in the options and maybe is a more secure method.
With the WebAuthn login forced, the login is more secure but is not comfy, and if the login is lost, recovery is a longer process, etc. Scenario:
Hi @PeopleInside, I find this to be a rather cumbersome process to sign in to an application that needs to be used during another authentication process. By the way, if the site/service you are initially authenticating to is your email provider, you would hit a dead end.
I thought about that too before reopening the case. I tried for a while to use WebAuthn only, and when I'm on a new device I need to have access to another old device to be able to log in, or do a longer recovery procedure by email. This situation made me think it would not be bad to have a two-step security code emailed instead of always having WebAuthn only active. So I think introducing the possibility to activate two-step verification by email will not lower security but will provide an additional option, more convenient than WebAuthn only, which should remain available as an option. I thought about disabling WebAuthn only because in the case of a new device it creates difficulties for me to log in. When I do not have access to an old device I would have to do the long recovery procedure, and so I thought that instead of having a simple login without an email verification, it would not be bad to also implement the choice of being able to have a two-step via email; more secure than having a simple login without two-step verification and WebAuthn only disabled.
Is your feature request related to a problem? Please describe.
A feature request idea
Describe the solution you'd like
To improve security, it would be nice if the administrator, in the app settings, could enable a two-factor-by-email option.
This option should let the admin and the user enable an additional step after the username and password.
The option should let a code sent by email be activated, and before the setting is active a code should be sent by email as verification and the user should enter it to activate the option.
Additional context
Actually, 2FAuth is a web app that protects two-factor codes but doesn't itself support two-factor protection.
It would be nice to add an option in the settings that lets the admin activate that also for users, who should be able to activate the setting in their account settings.
Correct SMTP and email settings must be configured in the .env file for the app to be able to send email; for this reason I suggest asking for confirmation of the code sent by email before activating the setting.
A suggestion: in the .env file, `MAIL_FROM_NAME=` supports only one word without spaces.
For example: `MAIL_FROM_NAME= Name` is supported; `MAIL_FROM_NAME=Name and Surname` is not supported.
Spaces are not supported in the `MAIL_FROM_NAME=` setting; maybe I have to see if I need to put the text between some symbol like `""` or something else to support spaces also.
UPDATE: I confirm `MAIL_FROM_NAME="Name and Surname"` works.
I also want to use this feature request to say thank you to the developer Bubka.
Now my app is working after your help with the CSRF issue, and it is a very nice app!
As soon as possible I will consider making a donation for your work.
I was using the Authy app, but just yesterday they gave notice of the end of support for the desktop app, so I discovered your web app and it is the only great solution I found!
Thank you!
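The flow requested above (a mailed code that must be confirmed before the option switches on, then a mailed code after username and password at each login), as an added sketch that is not part of the original issue and is not 2FAuth code. The class and method names, the 6-digit format, the 10-minute lifetime and the 5-guess limit are all assumptions, and `send_mail` stands in for the SMTP mailer.

```python
import hashlib
import hmac
import secrets
import time
CODE_TTL = 600      # assumed: seconds a mailed code stays valid
MAX_ATTEMPTS = 5    # assumed: guesses allowed per mailed code

class EmailSecondFactor:
    """Hypothetical per-user state for an optional e-mail second step."""
    def __init__(self, send_mail, clock=time.time):
        self.send_mail = send_mail   # callable(code); stands in for the SMTP mailer
        self.clock = clock
        self.enabled = False         # stays off until a mailed code is confirmed
        self._pending = None         # [salt, digest, expires_at, attempts_left]

    def _issue(self):
        code = f"{secrets.randbelow(10**6):06d}"   # 6 digits from the CSPRNG
        salt = secrets.token_bytes(16)
        digest = hashlib.sha256(salt + code.encode()).digest()
        self._pending = [salt, digest, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.send_mail(code)         # the plaintext code is mailed, never stored

    def _check(self, code):
        if self._pending is None:
            return False
        salt, digest, expires_at, attempts_left = self._pending
        if self.clock() > expires_at or attempts_left <= 0:
            self._pending = None     # expired or guessed out: a new code is needed
            return False
        self._pending[3] -= 1        # every guess counts, right or wrong
        guess = hashlib.sha256(salt + code.encode()).digest()
        if hmac.compare_digest(guess, digest):
            self._pending = None     # single use: a replayed code fails
            return True
        return False

    def request_enable(self):
        self._issue()                # proves SMTP works before the option turns on

    def confirm_enable(self, code):
        self.enabled = self.enabled or self._check(code)
        return self.enabled

    def start_login(self):           # call only after username and password succeed
        if self.enabled:
            self._issue()
        return self.enabled          # True means the mailed code is now required

    def finish_login(self, code):
        return self.enabled and self._check(code)
```

Because the option only turns on after a mailed code comes back, a broken SMTP configuration in `.env` cannot lock the user out at the next login.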