Additional verification methods for authentication

[kiminet]

I haven't been able to ffind a way to configure additional verification modules for the regular authentication. In addition to username and password I would like to increase the security by OTP/SMS.

The Forgotten Password-module makes it possible to configure different verification methods, such as OTP or SMS using sliders (Not used/Optional/Required). Perhaps the regular authentication could be configurable in a similar way.

[emper0r]

Hi, any update about this? is since 2017 to enable otp for login regular. thanks

[Roxyrob]

Hi @jrivard,
enforced Regular Authentication (e.g. pwd+otp) is really important as if someone can rip user and password will can simply login using "Regular Authentication" and change all of your auth method (PWD + OTP + SMS + Answers).

With a simple add of a third auth method (e.g. OTP) security could be greatly increased.

[apenadiazApk]

Hi @jrivard

Due to a virus, an attacker obtained the password of one of our colleagues and was able to authenticate. The password change module does not require Email token/OTP verification, they were able to change the password. It is possible enable this feature ? Would be very beneficial for everyone, as it is already available in the Forgotten Password module, which allows these two validations to be activated.
we are using 2.0.5 version