New in Tiki21, it allows to enable Two-factor Authentication in order to massively increase the security of user accounts during their authentication.
It use pragmarx/google2fa, which is a PHP implementation of
- the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226
- and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238.
TOTP is widely used, notably by
- Google Authenticator
- many options on F-Droid
- and you could even use another Tiki instance via PluginTOTP.
With this feature, users combine their Username and Password to another authentication factor, an ephemeral secret code, when logging into Tiki, this third authentication factor (Secret Code) will be provided by the TOTP app (such as Google Authenticator).
Step 1: First enable the “Allow users to use 2FA” option in the "Log In" feature in your Tiki, go to Settings → Control Panels → Log In → General Preferences tab “tiki-admin.php?page=login#contentadmin_login-1" (e.g http://www.example.com/tiki-admin.php?page=login#contentadmin_login-1) with “Preference Filters” to Avanced.
Step 2: Second, install Google Authenticator® App on your mobile phone. See how to install it.
Step 3: Thirdly check the “Enable two-factor authentication” option in the “User Preferences” page, the “Account Information” tab and click on “Save changes” button. Note that the current password is required to make changes.
At this step, you need to connect Tiki and the Google Authenticator® application by scanning the QR Code generated in the “User Preferences” page. Click on "Show QRCode" to display the QR Code, scan it using the application you installed in step 2.
Step 4: Finally, when authenticating on page "Log In” (e.g. http://www.example.com/tiki-login_scr.php?twoFactorForm), take the code generated by Google Authenticator® App and enter it in the field “Two-factor Authenticator Code”.
- Original commit: http://sourceforge.net/p/tikiwiki/code/70793