TNG Community
Rob Severijns

2-factor authentication in TNG


Rob Severijns

Hi everyone,

Quote

Doesn’t making the Username case insensitive lower the level of security?

Yes, somewhat. But we've come through twelve versions of TNG without needing it. I just think it's not the best way to achieve added security, since the username has generally been the 'user friendly' portion of a login. As I have said, I have logins to dozens of websites, and don't believe any of them are username case sensitive. However, many of them are adding a second level of security, but not through the username, but with texts to the profile's phone number, or an email for confirmation. It is likely impossible to achieve that within TNG.

I agree that the loss of level of security with case insensitive usernames is minimal.

But it made me wonder about something else.

Many of us genealogists keep private data of living persons in our databases.

GDPR forces us to mitigate the possibility of data leaks and protect the privacy of the personal data in the database.

There are several ways to achieve this, like HTTPS via SSL, the required login with a user account and the privacy settings in TNG itself.

Nowadays many websites use 2-factor authentication to make sure the right person is logging in.

This 2-factor authentication is not built into TNG (yet) but it might be an idea for future releases.

In my opinion the more we can do to protect personal data the better it is. Or is this idea over the top?

 

Rob

Renze

It should actually be added as a matter of urgency. Especially since privacy legislation demands this from us.
Not the way to log in. But how we protect the personal data.
I would use it! 

Ken Roy

How you protect data and GDPR is already addressed in TNG since TNG 12.0.1. You may have to set some options in Admin > Setup > General Settings in the Privacy section.

You should also check the Security category in the TNG Wiki. It contains several recommendations on how to protect your site.

Rob Severijns

Ken,

 

Thank you for linking to the Security Category pages.

This is a very welcome addition to the possible security measures we can take in order to protect the personal data we keep in our databases.

They are very useful in understanding how to protect your data and they should be implemented to a certain extent.

Amongst the ones I use are:

SSL, Bot Trap Mod, reCAPTCHA V2; and modifications to the robot.txt; tngrobots.php; .htaccess, moving/renaming my Gedcom & Backup files and of course the privacy and encryption settings in TNG itself.

Is it not that the implementation of security levels should be based upon the latest industrial/digital standards?

Of course we should always do a risk assessment when implementing security measures and should not overdo things, but as stated before, the GDPR and several legislations are forcing us to take the appropriate steps in order to secure personal data.

Currently, within TNG, this is done via an (optional) required login and the other measures mentioned above.

My question/idea about the 2-factor authentication is focusing purely on the login process.

In my opinion 2-factor authentication is one of the latest standards to secure the login of authorized users and keep unauthorized users out.

So with that in mind I think it would be wise to implement this within TNG.

How the 2-factor authentication process should be implemented, either by text message, email or any other possible option, is of course open for discussion.

With enough positive reactions and ideas we could pass this through to Darrin.

 

Rob
