Multifactor Authentication

Multifactor authentication is one of the most cost-effective mechanisms a business can deploy to protect digital assets and customer data. This plugin allows you to add this functionality to your osclass installation to protect user accounts.

No user will be forced to use this, you only present them with the option. Those who wish to use the added security can choose to enable it and others can keep logging in like noral.

If enabled by the admin and selected by the user they will, after signing in using the normal sign in form, be presented with an additional task to perform to complete their login. This requires people to have access to more than one source of information to prove their identity and greatly reduces the risk of compromised accounts due to brute force attacks or compromised credentials due to breaches in other systems.

The plugin is built so new authenticators can be regeistered with the plugin.

Included with the plugin is the Email One Time Password authenticator. This authenticator will send an email with a one time password to the user when he/she logs in that they will have to enter to complete the sign in.

Also included is Google Authenticator which allows the user to use Google Authenticator on his/her mobile phone or similar to generate a secure token used when logging in.

Specific theme layouts?

There you can easily create specific layouts for specific themes etc. There is a folder named "fragments" in the plugin forlder. Create a new folder on the same level named themes, create another folder with the name of your theme and copy the fragments folder into it. You can now edit them for a specific look for that theme.

I will release more authenticators as sepperate add-ons to extend the functionality of the plugin in the future.

Please note that this plugin requires dliCore to be installed and enabled. You can get it here.

Note that your users are free to "stack" multiple authenticators on top of each other. So they could activate to get both an email with a secret code and have to enter a token from some other enabled authenticator if they wanted to have additional levels of security and both authenticators were enabled on the site.

Note

Versions older than 1.2.0 that upgrade to the latest version might cause users to have to reenable the usage of authenticators. Best way of upgrading versions older than 1.2.0 to 1.2.0 or above is to uninstall the plugin, download 1.2.0 or above and install that version.

    Jabiulla1 year ago

    Hi i would like to have OTP for User Activation , After User Registers,an OTP to be sent to the R...
    Hi i would like to have OTP for User Activation ,
    After User Registers,an OTP to be sent to the Registered Mobile Number and the user needs to redirect to Enter OTP page after authentication the user should be activated.


    This is my desciprion what i am looking for is there any plugin for it

    Daniel Liljeberg AUTHOR1 year ago

    I have not seen one like it. I also had an older plugin where people could validate their mobile phones using an OTP (but was used after people had registered). I haven't released that though since I only made it for a use case I had myself.

    cointalk6 months ago

    Regards, in the description says that this Multifactor Authentication includes: Email One Time Pa...
    Regards, in the description says that this Multifactor Authentication includes: Email One Time Password and Google Authenticator
    this is correct?

    I use a translator and I'm not sure if I translate correctly, thank you very much.

    You may also like