Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
2 factor authentication
#1
Hi there! My clients are asking for 2 factor authentication. I didn’t find any plugin for that. Does anyone have an idea how to get working for /admin/ site? Smile
Reply
#2
There are lots of sms services out there that will give you their api
that you can use directly in the get-simple cms
just do a google about it
Reply
#3
Ok thanks. I will check them out. I can't say I'm a coder, so let see how it goes Big Grin 

Has any one tried something like this:
1. give username and password. 
2. Get-simple generates one-time code valid for 2h (for example). Get-simple sends email to user's given email.
3. site asks for one-time code
4. give the right code and get-simple let's user to login. If wrong, user can try 3 times before denied access for 1h etc.
Reply
#4
Yes, it was several years ago, but not with GS directly, a custom approach with ItemManager:
https://ehret-studio.com/articles/itemma...anagement/
If it necessarily has to be a GS admin access, you can use this method and generate a session cookie for GS access manually on successful registration/login.
Also, there I used an access key, but no timestamp for its expiration time. This is not a problem, you can use a user object's modification date for this purpose.

Here's a demonstration:
https://demos.ehret-studio.com/user-admin/user/
Note, I used mail() in my example, but you should go with SMTP.

GitHub repo:
https://github.com/bigin/IM-UserManager/tree/master
Reply
#5
Ok thanks so much. I will check this out Smile
Reply
#6
Hi
I checked the link to the itemmanager https://demos.ehret-studio.com/user-admin/login/
But this shows only a user login example.
A two factor login works with a second verification.
Reply
#7
Hello,

Yes, that's right. But I answered to this question:
(2021-11-03, 05:51:12)acenda Wrote: Has any one tried something like this:
1. give username and password. 
2. Get-simple generates one-time code valid for 2h (for example). Get-simple sends email to user's given email.
3. site asks for one-time code
4. give the right code and get-simple let's user to login. If wrong, user can try 3 times before denied access for 1h etc.

There is a key generated during the registration and the email address needs to be verified with it. You could use this and also extend your login process and utilize the same method to generate a one-time key.
https://ehret-studio.com/articles/itemma...anagement/
Reply
#8
Hi Bigin,
thanks for replying,

Quote:There is a key generated during the registration and the email address needs to be verified with it.
You could use this and also extend your login process and utilize the same method to generate a one-time key.

What I understand from a two factor login, is what makes it strong is by doing the second verification step
not over the internet but over a different network such as a mobile phone network e.g. with an sms
Reply
#9
Hi Bigin,
Can you help me with this ?

I have to make a website for someone. This time I don't want to make the Contact Form as usual.

I remember I have read somewhere that you can use ItemManager to build your own Contact Form
for use on a Website. I mean using ItemManager to store what a visitor enters in the Contact Form
and then send that data to the owner of the website. Just can't remember where I have read that.
Maybe you can point to an example or info how to set it up with ItemManager.
Thanks
Reply
#10
Hi,

(2021-11-11, 04:29:04)Felix Wrote: What I understand from a two factor login, is what makes it strong is by doing the second verification step
not over the internet but over a different network such as a mobile phone network e.g. with an sms

Yes, indeed, two-factor authentication is best done by sending the code via SMS or with the use of an app such as Google Authenticator or Authy.
We also use two-factor authentication with an SMS service (I'm not sure, perhaps MessageBird), which is not cheap...


(2021-11-11, 04:40:11)Felix Wrote: I mean using ItemManager to store what a visitor enters in the Contact Form
and then send that data to the owner of the website.

Yes it's simple, all you need for this is ImForms plugin, it will do the job ;-)

(2021-11-11, 04:40:11)Felix Wrote: I remember I have read somewhere that you can use ItemManager to build your own Contact Form
for use on a Website. Just can't remember where I have read that.
Maybe you can point to an example or info how to set it up with ItemManager.

Maybe this is what you were looking for? http://get-simple.info/forums/showthread...9#pid63119
There you will also find a link to download a custom processor for the plugin.
Reply
#11
Hi Bigin,
Thanks for the reply and pointing to ImForms,

Yes - ImForms was exactly what I couldn't think of anymore (getting old ?)
For my new website to replace the usual boring contact form php with ImForms
and learn something more useful to build functions more efficient.
Thanks for the links how to get started with it.
Reply




Users browsing this thread: 1 Guest(s)