Two-factor authentication in Loomio 2.0

Zack Public Seen by 98

Will two-factor authentication via TOTP and/or U2F (YubiKey) be supported in Loomio 2.0? If not, can this be considered? Seems like in 2019 this is a basic security feature.

GasparI Wed 21 Aug 2019 4:26PM

+1, this would be a valuable security feature.

Robert Guthrie Wed 21 Aug 2019 8:16PM

It's great to see the enthusiasm for this.

I think it would be irresponsible for us to implement more authentication code ourselves in 2019 - it's not basic at all to get it right.

So, we're going down the track of enabling OAUTH or SAML authentication per organisation, then those authentication systems can implement whatever strategies they feel are appropriate.

People could then pair Loomio with something like Gluu, which has hundreds of developers all working on making great and secure authentication flows.

Two-factor authentication in Loomio 2.0

GasparI · Wed 21 Aug 2019 4:26PM

Robert Guthrie · Wed 21 Aug 2019 8:16PM

GasparI Wed 21 Aug 2019 4:26PM

Robert Guthrie Wed 21 Aug 2019 8:16PM