Support 2-factor (2-step) authentication (2FA) #7
Comments
seansfkelley
changed the title
This comment has been minimized.
This comment has been minimized.
seansfkelley
changed the title
|
More and more people are using 2FA. Any advancement on this? Any way to help on the dev on this? |
All that really needs to happen is for someone to sit down and implement it. I'd happily review a PR, but I don't have any spare time for the foreseeable future to work on this project. There's even a pattern one could follow in the fix to #190, though this quote from the original comment still applies:
|
This comment was marked as off-topic.
This comment was marked as off-topic.
|
Just installed this plugin and cant use it sadly as there's no support for 2FA :( Then just read that announcement, what a complete bummer. |
Create specific account with no 2FA and restricted rights to connect him |
In version 0.9.x and before, two-factor authentication accidentally worked in some extension/browser/DSM combinations due to the way cookies behave. I was forced to close out that accidental feature when DSM 6.2.4/7.0 made an unannounced breaking change causing the extension to start logging people out of their non-extension login sessions.
As a workaround, since the extension doesn't interact with any DSM session you might have outside the extension (i.e. in a browser tab), you can create a separate user with very few permissions but no second factor for use only with this extension. Alternately, you can downgrade to 0.9.3.
This may interact really poorly with the existing auto-relogin behavior, because sessions sometimes expire at weird times, but we can't store the second factor (by design) to log back in.
As a stop-gap for all the people asking for this, maybe I could introduce a "share login with browser" checkbox which disables the login behavior in the extension and asks people to login with a browser tab, thereby getting 2FA via a side channel again.
The text was updated successfully, but these errors were encountered: