Hello Seb, Sorry for a late response, I'm on vacation :)
I would +1 this feature :) The problems we'll need to solve - add 2fa mechanisms other than email (not sure if apps like "Google authenticator" has open source API :(, we can use telegram API ....) - we'll need to move this out of om_user db table (maybe with activation_hash and *reset-password-hash* Need to be investigated and carefully refactored :) from mobile (sorry for typos ;) On Wed, Aug 3, 2022, 10:15 seba.wag...@gmail.com <seba.wag...@gmail.com> wrote: > Not many pros or cons in this discussion. > > But I think it would be a good option to have available for users. As well > as a good feature to advertise for. Especially in order to use OpenMeetings > in a Gov/Education environment where compliance may require to have 2 > factor auth for applications in order for using it. > > So I assume I can create some tickets and get this on the way. > > Thanks > Seb > > > > Sebastian Wagner > Director Arrakeen Solutions, OM-Hosting.com > http://arrakeen-solutions.co.nz/ > https://om-hosting.com - Cloud & Server Hosting for HTML5 > Video-Conferencing OpenMeetings > > <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url> > <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url> > > > On Mon, 1 Aug 2022 at 09:31, seba.wag...@gmail.com <seba.wag...@gmail.com> > wrote: > >> I would like to add a ticket to investigate and look into adding 2 factor >> authentication to OpenMeetings. As an optional feature, default would be >> turned off. >> >> There are various libraries to achieve 2 factor auth. I would >> probably prefer using the Google Authenticator as a method since it seems >> the most widely adopted authenticator. >> >> In terms of turning it on/off I would add 2 flags: >> - On a per server basis a flag to generally turn 2 factor auth on or off >> - On a per individual account basis so you can turn 2 factor auth on/off >> for an individual user >> >> This would not affect past installations. >> This would not affect logging in via Soap/Rest. >> >> I think this would be a good feature to improve security. >> >> Let me know what you think, and I will add a ticket and look into adding >> this over the next few weeks. >> >> Thanks >> Seb >> >> Sebastian Wagner >> Director Arrakeen Solutions, OM-Hosting.com >> http://arrakeen-solutions.co.nz/ >> https://om-hosting.com - Cloud & Server Hosting for HTML5 >> Video-Conferencing OpenMeetings >> >> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url> >> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url> >> >
