Comments (3)
There is a small chicken and egg problem with this one. If we configure it as an early factor, then we can trust a device without going through other factors. But if we configure it to be done last we'll never get to it. The UX in google is that this is built into the other factors as a 'Remember me on this device' when you verify them.
Perhaps the cleanest architecture is the order doesn't matter but we have a 'post_verify' method that any factor can hook into to provide a page where people can opt into this.
from moodle-tool_mfa.
Rewording this slightly to address the general 'Trust this device for x time' Feature
from moodle-tool_mfa.
Cross posting from #15 :
Proposal:
A cookie with a code stored on the client side, provided to the auth page to verify.
Requirements for cookie:
There is only one presented code.
An incorrect cookie with a current timestamp should be an instant factor lock
The IP coming in with a cookie MUST be the same as a 'lastverified' and that must have been within 24 hrs.
The cookie can only be set by an input factor, and ONLY if an input factor was used to verify
Considerations: This is a potential weakening of MFA due to device theft etc. Integrate with other factors. Factor reliance API? Might be achievable with just points
from moodle-tool_mfa.
Related Issues (20)
- WebAuthn not allowing security key registration on Totara HOT 6
- Possible to remove "I don't have my device" option for Authenticator App TOTP HOT 3
- Factor plugins not showing up in language customisation/AMOS. HOT 3
- Authenticator app enable HOT 1
- Feature(Request,Proposal) - Optional Two-Factor Authentication HOT 6
- Clearly document end of life of this plugin for Moodle, and clarify totara support
- Email factor unit test failures
- qr code invalid when setting up TOPT HOT 2
- Totara 18 now includes paragonIE used in totp factor. HOT 4
- MFA login TOTP Query
- MFA not Working in Moodle 4.3 (Build: 20231009) HOT 2
- Using email MFA behind VPN with private-range IP addresses results in exception HOT 1
- Exemption factor as git submodule via SSH breaks public cloning HOT 1
- Clicking "I didn't receive a code" for e-mail auths lets the user login anyway HOT 3
- Authenticator app option is not working HOT 2
- Cohort factor lists only 25 cohorts. HOT 2
- Grace mode quirk with factors that return UNKNOWN status
- Coding error detected, it must be fixed by a programmer: Unknown method called against tool_mfa\output\renderer :: guide_link
- 4.3 upgrade broken by higher version than core HOT 16
- TOTP authenticator failing
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from moodle-tool_mfa.