Even though I think it's a good idea, I'm struggling to think of a practical way 2FA could be used in a real life scenario on the staff side to be honest, though perhaps in small/specialist libraries it might work. For OPAC side I think any of the tools mentioned would work fine. I'm not familiar with implementing it from the server side but as a 2FA fan it's rare to see the actual app specified: usually it's just 'scan this QR code'. For staff side I do think that a hardware solution would be more practical. U2F doesn't *have* to use YubiKey, there are plenty of FIDO certified authentication products: https://fidoalliance.org/certification/fido-certified-products/ Not sure it that's at all helpful... Hugh Rundle Library Systems & Resource Coordinator Community Learning & Participation Brimbank City Council Brimbank Community and Civic Centre - 301 Hampshire Road, Sunshine T +61 3 9249 4170 M +61 437 734 108 F +61 3 9249 4351 www.brimbank.vic.gov.au -----Original Message----- From: Koha [mailto:koha-bounces@lists.katipo.co.nz] On Behalf Of Narcis Garcia Sent: Wednesday, 2 May 2018 5:33 PM To: koha@lists.katipo.co.nz Subject: Re: [Koha] Koha and 2 factor authentication Any inependent tool (without 3rd parties) is better. El 23/04/18 a les 14:57, Mike D. ha escrit:
Hi, What do you think about hardware 2fa tools like Yubikey? Btw great replacement for Google Authentificator is Authy: screen protected by PIN, secure backup.
Bye
Mike pá 20. 4. 2018 v 15:45 odesílatel Narcis Garcia <informatica@actiu.net <mailto:informatica@actiu.net>> napsal:
More privacy = More freedom More independent tools = More freedom Less contract agreements = More transparency for user
El 19/04/18 a les 19:52, Kyle Hall ha escrit: > There seems to be some interest in adding 2 factor authentication to Koha. > We are trying to find out what would be the most practical and easiest way > to implement 2fa for Koha combined with what would be most useful for > libraries that would actually *use* 2fa. > > The bug report filed for it is > https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20476 > > Basically, at this point we've come up with two ideas: > 1) Use Auth::GoogleAuthenticator > 2) Use PrivacyIdea ( https://www.privacyidea.org/ ) > > Implementing GoogleAuthenticator would be much simpler I think. However, my > thought is the same users that are concerned about 2fa are the same users > that are concerned about privacy, and may not be interested in it simply > because it means giving at least some data to Google. > > PrivacyIdea on the other hand would be more work for both the developer and > the system admin since it is a completely separate package that would > require installation and maintenance independent of Koha itself. However, > it is also much more powerful and can offer a myriad of 2FA options that > GoogleAuthenticator cannot. On the developer side, OTRS which is also > written in Perl has implemented and may or may not have something useful we > can crib from it ( > https://github.com/privacyidea/privacyidea/tree/master/authmodules/OTRS ). > > So, what does everything think? If you want 2FA, would GoogleAuthenticator > be a reasonable solution? > > Kyle > > > http://www.kylehall.info > ByWater Solutions ( http://bywatersolutions.com ) > Meadville Public Library ( http://www.meadvillelibrary.org ) > Crawford County Federated Library System ( http://www.ccfls.org ) > _______________________________________________ > Koha mailing list http://koha-community.org > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> > https://lists.katipo.co.nz/mailman/listinfo/koha > _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> https://lists.katipo.co.nz/mailman/listinfo/koha
_______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha