Additional two factor authentication options



Introduction

The customer portal currently has two two-factor authentication methods to use. This is a great start, but it would be nice if these could be expanded on with additional options (such as security keys).

User Story

The current implementation of Email or Google Authenticator is great to improve security, but further options could be configured and improved upon.
For starters, are there any recovery codes available for the Authenticator option? This way, if I lose my phone I could still use the recovery code to get back in and disable 2FA until I can set it back up again.
Could multiple options be activated? Such as having the Authenticator app as default but an option when logging in to send an email? This would also be useful in case of a lost/broken device.

As another option that could be added, would it be possible to add FIDO U2F security keys? Personally, I find these to be much more convenient for 2FA services that support them. I understand that they are not that popular currently so this may not get added, but the more services that enable support for them the more they may take off.

It would also be great if these 2FA methods could be activated for the CMS (as I’ve seen suggested in other topics).


For the dev team to fill in:

Status

The current status and the username of the:

  • Reporter
  • Drafter
  • Implementer

Implementation

A broad description of the changes required.

Affected Software

Which parts of Xibo are affected

DB Schema Changes

Any necessary DB Schema Changes