Feature #5784
multi-factor authentication
0%
Related issues
History
#1 Updated by Greg Shah over 2 years ago
- Related to Feature #3931: single sign-on for virtual desktop mode added
#2 Updated by Greg Shah over 2 years ago
Multi-Factor Authentication (MFA) or 2 Factor Authentication (2FA - a version of MFA with only 2 factors) is an important measure for adding security to modern systems. Relying upon a password alone has long since been proven to be a terrible idea. I expect that this will become a hard requirement for all business systems in the near future.
This task is envisioned to implement a foundation within FWD so that interactive logins can be secured via standard MFA approaches. I would want the following to be easily possible for any customer that is using our login facilities (virtual desktop mode, embedded mode, Swing GUI and even interactive ChUI cases).
- FIDO2 and Universal 2nd Factor (U2F) - this is widely used and can be integrated with Yubikey and other 3rd party hardware solutions
- Time-based One-Time Password (TOTP) and HMAC-based one-time password (HOTP) which can commonly be used from something like Google Authenticator
- SMS one-time codes - this is not as secure because it can be bypassed with SIM spoofing/cloning/porting, but it is still much better than the alternative of nothing
I think in the browser case, we probably need to integrate with the MFA support of the browser itself since any usage of a USB or NFC key can only work with some hardware access.