Add 2FA into Core

[PeteDuncanson]

We have the changes in V7 to allow us to get 2 Factor Authentication (aka 2FA) up and running via our package (https://github.com/Offroadcode/Umbraco-2FA). Ideally I'd like this to go into Core so everyone can have the 2FA security out of the box.

Business wise this would be a great "tick box" feature when clients and suppliers are validating the CMS against other options and remove yet another "if only it did that" worry.

The package still needs some work (such as Offroadcode/Umbraco-2FA#11) but no reason it can't go into V8 with some nicer UI in the new style. It would need to have a pluggable provider model so you could other authentication methods could be added in if needed.

[nul800sebastiaan]

+1

Also in v7 please.

[PeteDuncanson]

How best to do this, get it in V7 first and then let Core port to v8?

[nul800sebastiaan]

We still merge everything up to v8 from v7, so always good to start with v7 unless it's absolutely impossible to do something in v7 for some reason.

[kjac]

@PeteDuncanson +1 from me too. If you need any help let me know.

[suhailsinghbains]

Hi, is this bug still open, would love to work on it.
Thanks

[nul800sebastiaan]

FYI: Before anyone starts on this we're going to have to give a bit of guidance on what to add where. This is a pretty big update and we wouldn't want anyone spending a lot of time on coming up with an incorrect solution.

[suhailsinghbains]

Ohh, okay, no problem :)

[lssweatherhead]

@PeteDuncanson +1 from me as well: the Offroadcode 2FA package is fantastic, and I recently extended it for a bespoke project requiring Authy as a provider and both front-end Members as well as back-office User multi-factor auth and just wanted to thank you guys for all the work you'd done in getting the package out - I would be happy to help with any work to try and integrate it into the core if a general technical direction could be agreed upon. I guess it'd need to be configurable, perhaps based upon user groups or something similar?

[tiffy74]

So where are we on this? @nul800sebastiaan are you able to update on what guidance is needed and how to get it?

[FransdeJong]

What is the status of this issue? Is there a form of guidance already?

[nul800sebastiaan]

This issue has been in the up for grabs state for quite a while now and it seems nobody is ready to pick this one up.

For now we'll close this issue to prevent the list of up for grabs from becoming very stale. We're happy to re-open it if someone still thinks it's good to work on this.

If anyone is about to pick this issue up to fix it, make sure to test first if you can reproduce the problem in the latest version before you start to work on it.

Thanks!
Sebastiaan on behalf of Umbraco HQ.

[nul800sebastiaan]

Oops, that was a bit too quick. We still want this but we need to provide more guidance first, which is not something we can give in the near future. I'll apply the "idea" label to indicate this is something we definitely want somehow but it still needs additional work on our end.

[shearer3000]

any plans for 2FA in the core of umbraco 8 or 9? it really is becoming a minimum viable product (MVP) security requirement these days, well at least the option to use it or not.
thanks :)

[umbrabot]

Hi there @PeteDuncanson,

Just wanted to let you know that we noticed that this issue got a bit stale and we haven't been able to get to this idea. We will close this idea for now, as we haven't been able to prioritize it yet.

Once we get time to work on ideas that are in this category we'll review and update existing issues like this one to let you know we're working on it.

Thanks, from your friendly Umbraco GitHub bot 🤖 🙂