It's certainly possible too 100% roll-your-own but that is a huge task! I'm all for full-control and the only third-party package (or similar) I'd consider putting into a project is usync (#h5yr!) - everything else is ours with no outside dependency... That being said, 2FA is a place where I bend as I'm not looking to also develop an app, etc… ;)
I'd encourage deference to google or other provider if that extra layer of safety is truly important. The noted documentation is right to call out, at the very bottom,:
~"a one-time password on e-mail or phone (…) are not considered as
secure as App Authentication"
Hopefully the link helps get you started. Happy coding to ya', whatever you end up deciding to implement.
Implementing custom 2FA for members
Our project requires two login methods for members (just to clarify, the login is in razor page, not the login to the backoffice):
Log in via username and password. (implemented using
Loginmacro snippet).Log in via 2FA - entering mobile phone, receiving code and submitting it.
Is there a built-in functionality in Umbraco that allows a member to login via entering their mobile phone and submitting the code?
The
Loginmacro snippet in Umbraco has a 2FA code but it relies on external providers. We'd like to implement our own custom 2FA.The documentation lacks an explanation on creating a custom 2FA that does not rely on external providers such as Google or Facebook.
Any help would be appreciated.
We've just implemented 2FA-membership for a client using https://our.umbraco.com/Documentation/Reference/Security/Two-factor-authentication/index-v930 as a starting point.
It's certainly possible too 100% roll-your-own but that is a huge task! I'm all for full-control and the only third-party package (or similar) I'd consider putting into a project is usync (#h5yr!) - everything else is ours with no outside dependency... That being said, 2FA is a place where I bend as I'm not looking to also develop an app, etc… ;)
I'd encourage deference to google or other provider if that extra layer of safety is truly important. The noted documentation is right to call out, at the very bottom,:
Hopefully the link helps get you started. Happy coding to ya', whatever you end up deciding to implement.
is working on a reply...