Two-Factor Authentication
To strengthen account security, each user accessing the application can be verified with a two-factor authentication mechanism, which requires users to provide, in addition to their Email and Password, an OTP (One Time Password) that is generated by a third-party application (e.g. Google Authenticator) or sent to the user through a secondary channel (e.g. SMS or Email).
Within the Profile page, each user can enable two-factor authentication by selecting their preferred method. Note that, at the moment, only the Google Authenticator method is available.
Once a two-factor mechanism has been enabled, the user must first provide the registration Email and Password during login; once these are confirmed, the form updates and asks the user to enter the currently generated OTP.
If the OTP is confirmed, the user is redirected to the Home page; otherwise they have to retry the login.
For security reasons, a failed login does not reveal which of the Email, Password, or OTP was wrong. After 5 consecutive failed logins, a reCAPTCHA appears asking the user to complete a challenge (e.g. "I am not a robot").
Google Authenticator
Within the DPS profile page, under the Security tab, users can enable two-factor authentication.
Clicking the Configure button displays the steps required to configure OTP generation through the Google Authenticator mobile application.
To complete the configuration, the user must provide the currently generated OTP and the user password, which is required as an additional security check.
To disable Google Authenticator, the user must provide their password for confirmation; once done, the registered token becomes invalid.
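The following is an added example, not DPS's own code, showing how the behaviour described on this page fits together: the two-step login (Email and Password, then OTP), the generic error message that never reveals which factor was wrong, the reCAPTCHA requirement after 5 consecutive failures, and the enable/disable steps that require the current OTP and/or the password. The OTP check is the standard RFC 6238 TOTP that Google Authenticator produces; the `AccountSecurity` class, its method names and the in-memory user store are assumptions for illustration. The secret used for the sample is the RFC 6238 test vector secret, constructed for the demo and not a real key.

```python
import base64
import hashlib
import hmac
import os
import struct
import time

# RFC 6238 test secret (ASCII "12345678901234567890" in Base32); a constructed sample, not a real key.
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
MAX_FAILURES_BEFORE_CAPTCHA = 5        # the page: reCAPTCHA after 5 consecutive failed logins
GENERIC_ERROR = "Invalid credentials"  # the page: never reveal which of Email/Password/OTP failed


def hotp(secret_b32, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time (what Google Authenticator does)."""
    return hotp(secret_b32, int(at) // step, digits)


def verify_totp(secret_b32, candidate, at, window=1):
    """Accept the current code or one step either side (clock drift), compared in constant time."""
    if not (candidate.isdigit() and len(candidate) == 6):
        return False
    return any(hmac.compare_digest(totp(secret_b32, at + d * 30), candidate)
               for d in range(-window, window + 1))


def hash_password(password, salt):
    """Salted PBKDF2 so the user store never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccountSecurity:
    """Hypothetical two-step login plus authenticator enable/disable; not DPS's own implementation."""

    def __init__(self):
        self.users = {}       # email -> {"salt", "pw_hash", "totp_secret" (None when disabled)}
        self.failures = {}    # email -> consecutive failed login attempts
        self.pending = set()  # emails that passed step 1 and still owe an OTP

    def register(self, email, password):
        salt = os.urandom(16)
        self.users[email] = {"salt": salt, "pw_hash": hash_password(password, salt), "totp_secret": None}

    def _password_ok(self, email, password):
        u = self.users.get(email)
        return u is not None and hmac.compare_digest(u["pw_hash"], hash_password(password, u["salt"]))

    def captcha_required(self, email):
        return self.failures.get(email, 0) >= MAX_FAILURES_BEFORE_CAPTCHA

    def _fail(self, email):
        self.failures[email] = self.failures.get(email, 0) + 1
        self.pending.discard(email)
        return {"ok": False, "error": GENERIC_ERROR, "captcha": self.captcha_required(email)}

    def login_step1(self, email, password, captcha_solved=False):
        """Step 1: Email + Password. Unknown email and wrong password get the same generic error."""
        if self.captcha_required(email) and not captcha_solved:
            return {"ok": False, "error": GENERIC_ERROR, "captcha": True}
        if not self._password_ok(email, password):
            return self._fail(email)
        if self.users[email]["totp_secret"] is None:
            self.failures[email] = 0
            return {"ok": True, "next": "home"}
        self.pending.add(email)
        return {"ok": True, "next": "otp"}

    def login_step2(self, email, otp, at=None):
        """Step 2: the OTP, accepted only for a session that already passed step 1."""
        at = time.time() if at is None else at
        secret = self.users.get(email, {}).get("totp_secret")
        if email not in self.pending or secret is None or not verify_totp(secret, otp, at):
            return self._fail(email)
        self.failures[email] = 0
        self.pending.discard(email)
        return {"ok": True, "next": "home"}

    def enable_totp(self, email, secret_b32, otp, password, at=None):
        """Configure: the user proves possession of the new secret (current OTP) and knows the password."""
        at = time.time() if at is None else at
        if not (self._password_ok(email, password) and verify_totp(secret_b32, otp, at)):
            return False
        self.users[email]["totp_secret"] = secret_b32
        return True

    def disable_totp(self, email, password):
        """Disable: password confirmation, after which the registered token is invalid."""
        if not self._password_ok(email, password):
            return False
        self.users[email]["totp_secret"] = None
        return True
```

The `window=1` tolerance in `verify_totp` is the usual compromise between phone clock drift and replay exposure; a production deployment would also record the last accepted counter per user so the same code cannot be accepted twice within the window.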