Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

Two-Factor-Authentication is now live

  • cdorin
  • cdorin's Avatar Topic Author
  • Offline
  • Elite Member
  • Elite Member
More
5 years 8 months ago #182780 by cdorin
We are excited to announce that we have finally launched our Two-Factor-Authentication plugin! You can use 2FA on any of your LimeSurvey instances hosted with us. Please let us know what are your thoughts about it.

Please note that the plugin is not yet part of LimeSurvey Community Edition. Therefore, please create a free account on limesurvey.org to try it. The 2FA plugin will be part of the Community Edition in one of the upcoming releases! So, stay tuned!

To activate this plugin, please check the following article: www.limesurvey.org/about-us/blog/2163-en...uthentication-plugin

Manual: manual.limesurvey.org/LimeSurvey_Manual
Bugs tracker: bugs.limesurvey.org/my_view_page.php
If you self-host and need help, contact one of our partners: limesurvey.com
Please do not contact me via PM - thank you.
The topic has been locked.
  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • LimeSurvey Community Team & Official Partner
  • LimeSurvey Community Team & Official Partner
More
5 years 8 months ago - 5 years 8 months ago #182795 by DenisChenu
Replied by DenisChenu on topic Two-Factor-Authentication is now live

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.
Last edit: 5 years 8 months ago by DenisChenu.
The following user(s) said Thank You: cdorin
The topic has been locked.
  • cdorin
  • cdorin's Avatar Topic Author
  • Offline
  • Elite Member
  • Elite Member
More
5 years 8 months ago #182854 by cdorin
Replied by cdorin on topic Two-Factor-Authentication is now live
Reported :). Thanks @DenisChenu!

Manual: manual.limesurvey.org/LimeSurvey_Manual
Bugs tracker: bugs.limesurvey.org/my_view_page.php
If you self-host and need help, contact one of our partners: limesurvey.com
Please do not contact me via PM - thank you.
The topic has been locked.
More
5 years 5 months ago #186447 by blocka
Replied by blocka on topic Two-Factor-Authentication is now live
I have a university user who is interested in having this plugin available to their locally hosted instance.

Is this plugin available for self-hosted LS instances?
The topic has been locked.
More
5 years 5 months ago #186451 by jelo
Replied by jelo on topic Two-Factor-Authentication is now live

blocka wrote: Is this plugin available for self-hosted LS instances?

Not yet released.

As stated in the announcement it is planned to be part of the Community edition too.

The 2FA plugin will be part of the Community Edition in one of the upcoming releases!


The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The topic has been locked.
  • cdorin
  • cdorin's Avatar Topic Author
  • Offline
  • Elite Member
  • Elite Member
More
5 years 5 months ago #186454 by cdorin
Replied by cdorin on topic Two-Factor-Authentication is now live
Hello blocka. If you have premium, you can find it here: account.limesurvey.org/limestore (the same one we use on our LS instances)

Manual: manual.limesurvey.org/LimeSurvey_Manual
Bugs tracker: bugs.limesurvey.org/my_view_page.php
If you self-host and need help, contact one of our partners: limesurvey.com
Please do not contact me via PM - thank you.
The topic has been locked.
More
5 years 5 months ago #186457 by blocka
Replied by blocka on topic Two-Factor-Authentication is now live
I am indeed a Premium member -- thanks so much, I hadn't even thought to look in the store!
The topic has been locked.
More
5 years 5 months ago #186462 by jelo
Replied by jelo on topic Two-Factor-Authentication is now live

cdorin wrote: The 2FA plugin will be part of the Community Edition in one of the upcoming releases!

Is the statement still valid? Part of the Community edition is not the case at the moment.
E.g. the LimeStore premium plugin has to be downloaded and installed. ComfortUpdate is not updating the plugin.

cdorin wrote: If you have premium, you can find it here: account.limesurvey.org/limestore (the same one we use on our LS instances)


The direct URL is this:
account.limesurvey.org/limestore?view=extensiondetails&id=49

The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The following user(s) said Thank You: cdorin
The topic has been locked.
  • cdorin
  • cdorin's Avatar Topic Author
  • Offline
  • Elite Member
  • Elite Member
More
5 years 5 months ago #186507 by cdorin
Replied by cdorin on topic Two-Factor-Authentication is now live
Hey @jelo. Yes, the statement is still valid. We will need to discuss in the near future when it will become part of CE.


And thanks for providing extra clarifications about the usage of the plugin.

Manual: manual.limesurvey.org/LimeSurvey_Manual
Bugs tracker: bugs.limesurvey.org/my_view_page.php
If you self-host and need help, contact one of our partners: limesurvey.com
Please do not contact me via PM - thank you.
The topic has been locked.
More
5 years 5 months ago #186509 by blocka
Replied by blocka on topic Two-Factor-Authentication is now live
The implementation of this plugin is fantastic! I've tested with Google Authenticator only at this point, but if the other methods work as well, it will be super to have this released to CE !
The following user(s) said Thank You: cdorin
The topic has been locked.
More
5 years 5 months ago #186526 by blocka
Replied by blocka on topic Two-Factor-Authentication is now live
I have a suggestion:

I have noted is that if I set Force 2FA to Yes in the plugin settings, then on the login page, I still see "AuthKey (optional)"...

It might make sense to remove the text "(optional)" since if a user has enabled 2FA for their account, this is no longer true and AuthKey is mandatory for them.

Else maybe:

1) have login page show username + password, and then when user clicks on click "Login", check to see if they have 2FA enabled, and if so, display the AuthKey request their code.


2) Or (slicker) after completing and exiting username field, do AJAX call to see if 2FA enabled for that user account, and then reveal password and AuthKey field if required.
The following user(s) said Thank You: cdorin
The topic has been locked.
  • markusfluer
  • markusfluer's Avatar
  • Visitor
  • Visitor
5 years 5 months ago - 5 years 5 months ago #186575 by markusfluer
Replied by markusfluer on topic Two-Factor-Authentication is now live
Hey thank you for your review.
I'm the original author of the 2FA plugin.

Of course the (optional) should be removed in case that the 2fa is forced. I will see to make that happen as quickly as possible.

It is quite hard to get the 2-parted authentication smoothly looking via the limesurvey internal login system. We went for a stable and secure integration rather than for something that is visually pleasing in the first draft.
For a second refactoring I will try to add the "second stage" login as you've described here.
Last edit: 5 years 5 months ago by markusfluer.
The topic has been locked.
Moderators: holchtpartner

Lime-years ahead

Online-surveys for every purse and purpose