Log in | Register
  1. Forum
  3. Non-Commercial Extensions
  5. SCLogin Enhanced Login
  7. 2 Factor Authentication?

Topic-icon 2 Factor Authentication?

Active Subscriptions:

None
10 years 4 months ago #43926 by arkofhope
Is there a plan to make SC Log-in compatible with Google two-factor authentication that is offered with Joomla x? I am able to use Google 2 factor authentication for back-end log-ins but I don't see any way to use it along with SC Login.
The topic has been locked.
Support Specialist
10 years 4 months ago #43935 by alzander
Replied by alzander on topic 2 Factor Authentication?
The SCLogin module has 2 factor authentication built-in. When a user tries to authenticate using their username and password, the SCLogin module will automatically check if that user has 2 factor authentication enabled for their account. If so, the login form should dissappear and the 'code' box appear. This process is done to be much less confusing for users that don't have 2-factor authentication enabled and have no clue what the 'secret key' box is for. You can see a quick video demonstration of what should happen below:
vimeo.com/81637368

If that's not working, it likely means that our Javascript is being blocked on your site. If that's the case, we can help you determine what's wrong and what needs to be un-blocked.

I hope that helps explain, but if you need anything else, just let me know.

Thanks,
Alex
The topic has been locked.
Active Subscriptions:

None
10 years 4 months ago #43945 by arkofhope
Replied by arkofhope on topic 2 Factor Authentication?
Hey Alex,

Thanks, I did not know that was built in for those who had already signed up for Two factor authentication.
I had expected something where the log-in box would show it as a third window or option for anyone that did not already have it, as the normal Joomla log-in does. Many people do not know that something like Google Authentication is even available, let alone the thousands of people who are already members of our site. So, I thought that if they see it as an option they can then discover about it and how it adds a level of protection for them, whether new registrants or existing members.

I think this would be a good thing to add in the future e since Joomla is touting it so heavily through Joomla 3.x.



Respectfully,
Blair Corbett
The topic has been locked.
Support Specialist
10 years 4 months ago #43955 by alzander
Replied by alzander on topic 2 Factor Authentication?
We won't be implementing a fixed-field for "Secret Key" any time soon. We've heard overwhelmingly from our users that the standard Joomla login module which has a 'secret key' field is very confusing to the vast majority of users that don't have it enabled. We agree with that.

Again, we fully support the two-factor authentication key with the SCLogin module. We think that we do it in such a way that isn't confusing to the user as almost all two factor authentication implementations on websites use the same flow as the SCLogin module:
* Enter username/password -> Submit
* Get a prompt for the Secret key
Examples are: Cloudflare, Google (Gmail, docs, everything), PayPal, Facebook and slews of others

I can't think of any sites, outside of Joomla, that show all 3 fields by default as it's simply confusing.

If you really are a proponent of users using two factor authentication on your site, then you should be promoting it as a feature somewhere. The user can choose (or be forced) to enable it, but I don't think the login area is the right way to promote such a feature as it, more than likely, will confuse and scare away prospective users who have no clue what a "secret key" is.

I hope that helps explain our position. Any feedback is more than welcome, of course.

Thanks,
Alex
The topic has been locked.
  1. Forum
  3. Non-Commercial Extensions
  5. SCLogin Enhanced Login
  7. 2 Factor Authentication?
From the Blog
Facebook | Twitter | LinkedIn | Blog RSS