Additional two factor authentication options

accepted

#1

Introduction

The customer portal currently has 2 two factor authentication methods to use. This is a great start but it would be nice if these could be expanded on with additional options (such as security keys).

User Story

The current implementation of Email or Google Authenticator is great to improve security, but further options could be configured and improved upon.
For starters, are there any recovery codes available for the Authenticator option? This way, if I lose my phone I could still use the recovery code to get back in and disable 2FA until I can set it back up again.
Could multiple options be activated? Such as having the Authenticator app as default but an option when logging in to send an email? This would also be useful in case of a lost/broken device.

As another option that could be added, would it be possible to add FIDO U2F security keys? Personally, I find these to be much more convenient for 2FA services that support them. I understand that they are not that popular currently so this may not get added, but the more services that enable support for them the more they may take off.

It would also be great if these 2FA methods could be activated for the CMS (as I’ve seen suggested in other topics).


For the dev team to fill in:

Status

The current status and the username of the:

  • Reporter
  • Drafter
  • Implementer

Implementation

A broad description of the changes required.

Affected Software

Which parts of Xibo are affected

DB Schema Changes

Any necessary DB Schema Changes


#2

Thank you for your post.

At present the Portal does not have recovery codes but I will feed this back to the development team as a future consideration.

We will be implementing 2FA and recovery codes which will be available on the 2.1 CMS version:

FIDO U2F security keys will not be available, but again I will feed this request back.

Many thanks

Natasha