Mahara

Multifactor authentication / WebAuthn support for logins

Bug #1861714 reported by Kristina Hoeppner on 2020-02-03

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Confirmed	Wishlist	Unassigned

Bug Description

Securing passwords becomes more and more important these days. Often, two-factor or multifactor authentication is used for that and requires either an app on a phone or a YubiKey.

There is a new way that looks promising, WebAuthn https://webauthn.io :

"The Web Authentication API (also known as WebAuthn) is a specification written by the W3C and FIDO, with the participation of Google, Mozilla, Microsoft, Yubico, and others. The API allows servers to register and authenticate users using public key cryptography instead of a password." https://webauthn.guide

This could be beneficial for the internal Mahara login. If SSO requires MFA or similar then that is handled by SSO.

Tags:

Revision history for this message

Kristina Hoeppner (kris-hoeppner) wrote on 2020-02-16:

See https://moodle.org/plugins/tool_mfa for the new Catalyst Moodle plugin that might be of interest to check out in this context.

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.