Dokuwiki: feature request: two factor authentication support for fido U2F / fido2 / webauthn

Created on 28 Jul 2019  路  4Comments  路  Source: splitbrain/dokuwiki

It would be great to have strong two factor authentication via hardware tokens supporting one of the fido standards like yubikey or nitrokey.

It would be nice if 2fa could be enforced by admins and more than one token per account (backup token) were supported.

https://fidoalliance.org/specifications/

There are PHP libraries available for webauthn.
https://github.com/search?l=PHP&q=fido&type=Repositories

Doku Plugin idea

Most helpful comment

Just for the record:
We are aware about this plugin but that implements OTP, which is based on shared secrets and significantly weaker than hardware security tokens using public key cryptography where only the public key part is needed on the server side.

It would also be great if strong authentication would be a core part of dokuwiki and not a 3rd party plugin.

All 4 comments

Though this is a great idea, I will close this since there is already plugin:twofactor with a variety of (sub) plugins including plugin:twofactorgoogleauth. You may want to create the issue in wilminator/dokuwiki-plugin-twofactor instead.

Just for the record:
We are aware about this plugin but that implements OTP, which is based on shared secrets and significantly weaker than hardware security tokens using public key cryptography where only the public key part is needed on the server side.

It would also be great if strong authentication would be a core part of dokuwiki and not a 3rd party plugin.

@phy25 Maybe reconsider this decision as the plugin does twofactor-authentication in addition to still necessary first factor username/password. Webauthn aims to replace passwords completely and is therefore another technique which should be built in into main product.

You can still implement an auth plugin with no username required.

Was this page helpful?
0 / 5 - 0 ratings