*** This bug is a security vulnerability *** Public security bug reported:
Securing passwords becomes more and more important these days. Often, two-factor or multifactor authentication is used for that and requires either an app on a phone or a YubiKey. There is a new way that looks promising, WebAuthn https://webauthn.io : "The Web Authentication API (also known as WebAuthn) is a specification written by the W3C and FIDO, with the participation of Google, Mozilla, Microsoft, Yubico, and others. The API allows servers to register and authenticate users using public key cryptography instead of a password." https://webauthn.guide This could be beneficial for the internal Mahara login. If SSO requires MFA or similar then that is handled by SSO. ** Affects: mahara Importance: Wishlist Status: Confirmed ** Tags: authentication -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1861714 Title: Multifactor authentication / WebAuthn support for logins Status in Mahara: Confirmed Bug description: Securing passwords becomes more and more important these days. Often, two-factor or multifactor authentication is used for that and requires either an app on a phone or a YubiKey. There is a new way that looks promising, WebAuthn https://webauthn.io : "The Web Authentication API (also known as WebAuthn) is a specification written by the W3C and FIDO, with the participation of Google, Mozilla, Microsoft, Yubico, and others. The API allows servers to register and authenticate users using public key cryptography instead of a password." https://webauthn.guide This could be beneficial for the internal Mahara login. If SSO requires MFA or similar then that is handled by SSO. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1861714/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
