[Koha-bugs] [Bug 28786] Two-factor authentication for staff client - TOTP
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Jan 18 14:04:29 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28786
--- Comment #85 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
Great! We have a base for 2FA in staff herewith.
Imo we could push this while keeping in mind that several follow-up reports are
in the pipeline including encrypting the secret, not exposing the secret via a
Google Charts URL, and others.
Early push will make us aware of problems in connection to changes in C4/Auth
done here.
Note: The secret being passed in again has the protection of the CSRF token. It
would be nice however to discuss the expiry time of these tokens. We have 8
hours still. Should we be more strict? Open a new report and propose something.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list