Skip to content

Two-step Verification #34

New issue
New issue
Open
Open
Two-step Verification#34
Assignees
pnikolov
Labels
featuremedium prioritysecurity
Milestone
 
next
@sandio

Description

@sandio
sandio
opened on Jan 12, 2015

Introduce a more secure way to access the Admin, as this could sometimes be critical.

This should work as an option per user and not system-wide. For example, Admin accounts use two-step verification, whereas moderators log in normally.

Two-step verification can be achieved though:

  • after logging in with a password a verification code is sent as a text message,
  • after logging in with a password a verification code is sent to an app we build,
  • QR or similar codes are used to identify a unique device owned by the account holder (e.g. personal smartphone). Pins or passwords can be used together with the QR code.

Two leading two-step verification methods used by Google and Verizon:
http://www.verizonenterprise.com/news/2014/08/security-qr-code-encryption-login
http://www.google.com/landing/2step/

Metadata

Assignees

Labels

featuremedium prioritysecurity

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions