Issue One-Time Passwords for logon authentication #185

Open
pmslavin opened this issue May 30, 2023 · 0 comments · May be fixed by #195
pmslavin commented May 30, 2023

This issue is to implement a 2FA system which uses one-time passwords to authenticate users at logon in addition to their username and password credentials.

The system will:

  • Generate a 20 byte secret for each user
  • Present this to users in forms which can be used by third-party authenticators:
    1. A QR code which encodes an otpauth:// URI
    2. A base32 encoded string for manual use
  • This secret will be used to generate time-based one-time passwords as described in RFC6238, having six digits, a thirty second window, and using the default SHA-1 hash
  • Secrets must be stored in encrypted form

In addition, some changes to clients (e.g. HWI) to support this scheme will be required:

  • Issue secrets to users on account creation
  • Allow secrets to be retrieved and revoked
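A reference implementation of the scheme described in the issue, added here as a worked example; it is not code from this issue or from the project it belongs to. It uses only the Python standard library. The function names (`generate_secret`, `otpauth_uri`, `hotp`, `totp`, `verify_totp`), the issuer and account strings, and the skew window of one step are illustrative choices. The demo secret is the published RFC 6238 Appendix B SHA-1 test vector, not a real user secret. Encryption of the stored secret is not shown.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote, urlencode

# Parameters from the issue: 20-byte secret, RFC 6238 TOTP, 6 digits,
# 30-second step, SHA-1 (the RFC default).
SECRET_BYTES = 20
DIGITS = 6
PERIOD = 30
ALGORITHM = "SHA1"


def generate_secret(nbytes: int = SECRET_BYTES) -> bytes:
    """Draw the per-user secret from the OS CSPRNG. 20 bytes matches the
    HMAC-SHA-1 output width, the length RFC 4226 recommends."""
    return secrets.token_bytes(nbytes)


def secret_to_base32(secret: bytes) -> str:
    """Manual-entry form. Padding is stripped because authenticator apps
    expect unpadded base32 both in the URI and when typed in."""
    return base64.b32encode(secret).decode("ascii").rstrip("=")


def otpauth_uri(secret: bytes, account: str, issuer: str) -> str:
    """Build the otpauth:// URI that gets rendered as a QR code. Label and
    query are percent-encoded so ':' and '@' in the account name cannot
    break parsing; the issuer is repeated in the query as the Key Uri
    Format recommends."""
    label = quote(f"{issuer}:{account}", safe="")
    params = urlencode({
        "secret": secret_to_base32(secret),
        "issuer": issuer,
        "algorithm": ALGORITHM,
        "digits": DIGITS,
        "period": PERIOD,
    })
    return f"otpauth://totp/{label}?{params}"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA-1 over the 8-byte big-endian counter, dynamic
    truncation keyed on the low nibble of the last byte, then mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, timestamp: int, period: int = PERIOD,
         digits: int = DIGITS) -> str:
    """RFC 6238: HOTP with the counter set to the number of elapsed steps."""
    return hotp(secret, timestamp // period, digits)


def verify_totp(secret: bytes, code: str, timestamp: int, window: int = 1) -> bool:
    """Accept the code for the current step and `window` steps either side
    to tolerate clock skew. Every candidate is compared in constant time and
    the loop does not short-circuit. Rate limiting and replay protection
    (never accepting the same step twice) belong in the caller."""
    if len(code) != DIGITS or not code.isdigit():
        return False
    step = timestamp // PERIOD
    matches = [
        hmac.compare_digest(hotp(secret, step + delta), code)
        for delta in range(-window, window + 1)
    ]
    return any(matches)


if __name__ == "__main__":
    # Constructed input: the RFC 6238 Appendix B SHA-1 test secret (20 ASCII bytes).
    rfc_secret = b"12345678901234567890"
    print(secret_to_base32(rfc_secret))  # GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
    print(otpauth_uri(rfc_secret, "alice@example.com", "ExampleService"))
    for t in (59, 1111111109, 1234567890):
        print(t, totp(rfc_secret, t))  # 287082, 081804, 005924
    fresh = generate_secret()
    now = int(time.time())
    print(verify_totp(fresh, totp(fresh, now), now))  # True
```

The six-digit values are the last six digits of the eight-digit RFC 6238 vectors, since truncation to fewer digits is just a further `mod 10^6`. The `window` argument is the one knob a deployment should think about: every extra step accepted widens the guessing surface, so pair it with an attempt limit per user.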