mirror of
https://github.com/BookStackApp/BookStack.git
synced 2026-02-05 00:29:48 +03:00
Two-factor authentication #438
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @genxlee on GitHub (Sep 19, 2017).
^
@s0n- commented on GitHub (Sep 22, 2017):
Do you use a specific 2 factor vendor? I know I have requested Okta or SSO support.
@adambirds commented on GitHub (Sep 28, 2017):
This is definitely needed, if it could be compatible with Google Authenticator that would be great.
@Flemming-H commented on GitHub (Sep 28, 2018):
Hi
2-factor with Google Authenticator is a great idea
@lwl12 commented on GitHub (Dec 8, 2018):
Need it too!
@guenth commented on GitHub (Dec 21, 2018):
Google auth (so it's compatible with authy) would be wonderful!
@lwl12 commented on GitHub (Dec 21, 2018):
Actually, they are all based on TOTP, so just use this protocol and we can use it in many APPs~
@fourthdimension commented on GitHub (Feb 7, 2019):
This would be a great feature!
@cyclinggeorgian commented on GitHub (Sep 22, 2019):
Definitely voting on TOTP implementation. This would be great enhancement to the security of the whole platform. And just think of all the popularity points project going to score with this implementation :-).
@Cave-Johnson commented on GitHub (Sep 22, 2019):
Would definitely like to add my +1 to TOTP support
@Cave-Johnson commented on GitHub (Oct 24, 2019):
Came across this project recently, could this be implemented to deliver TOTP support?
https://github.com/Spomky-Labs/otphp
@ssddanbrown commented on GitHub (Mar 13, 2020):
Just to flesh this out a little further, What kind of controls would you want for 2FA? For example, would you want to force 2FA on all users? Let users decide? User-level control by admins? Something else?
Not looking for extra ideal, just want to know what you'd specifically want for your environment(s).
I'm assuming, for new users and for newly-admin-enabled-2fa users, we'd force a "Setup 2FA" step upon login?
We we need to implement a backup system? Or would an admin CLI command suffice to disable 2FA for system/specfiic-account suffice in scenarios where access is lost.
@fourthdimension commented on GitHub (Mar 13, 2020):
Should be implemented system wide for all users. Let the admin decide to
enable or disable. Users would not have control over enabling or disabling.
It would be best to force setup of 2fa upon login. CLI command would
suffice where access is lost, for now.
Hope this helps to understand our environment better.
Dru
On Thu, Mar 12, 2020, 6:48 PM Dan Brown notifications@github.com wrote:
@ssddanbrown commented on GitHub (Apr 8, 2020):
Thanks for the input @fourthdimension.
@ssddanbrown commented on GitHub (Apr 8, 2020):
Realized we have duplicate issues for this, Will close this off in favour of #1118. Although this was the original, #1118 has more up-votes to indicate user-need and therefore more likely to be looked at when choosing features to implement.
For any further comments, please add them to #1118.