@mobbyg mentioned adding support for 2FA in Discord recently. We should allow the optional use of 2FA for increased security. We can leverage the well-known Google or Microsoft authentication apps for this purpose. There are several decent Google Auth libraries implemented in PHP that take care of the heavy lifting already:
https://github.com/PHPGangsta/GoogleAuthenticator (somewhat dated)
https://github.com/Dolondro/google-authenticator (somewhat active)
https://github.com/chregu/GoogleAuthenticator.php (dated)
https://github.com/sonata-project/GoogleAuthenticator (actively maintained)
The web forms will require updating to enable users to enroll/associate and detach an authenticator with/from their account along with challenging them for a one-time PIN after username and password authentication.
@mobbyg mentioned adding support for 2FA in Discord recently. We should allow the optional use of 2FA for increased security. We can leverage the well-known Google or Microsoft authentication apps for this purpose. There are several decent Google Auth libraries implemented in PHP that take care of the heavy lifting already:
https://github.com/PHPGangsta/GoogleAuthenticator (somewhat dated)
https://github.com/Dolondro/google-authenticator (somewhat active)
https://github.com/chregu/GoogleAuthenticator.php (dated)
https://github.com/sonata-project/GoogleAuthenticator (actively maintained)
The web forms will require updating to enable users to enroll/associate and detach an authenticator with/from their account along with challenging them for a one-time PIN after username and password authentication.