Two-factor authentication


 

Two-factor authentication is a security mechanism that requires two types of credentials for authentication: login/password and an SMS/email/TOTP verification code. It is designed to provide an additional layer of validation, minimizing security breaches.

 

Press the Two-factor authentication button on the Security screen to open a popup with the two-factor authentication options.


 

 

PHPRunner supports the following two-factor authentication methods: SMS, email, and TOTP apps such as Google Authenticator or Microsoft Authenticator.

 

TOTP authentication

 

This method uses the Time-based One-time Password (TOTP) algorithm. The user must install an authentication app such as Google Authenticator, Authy, Microsoft Authenticator, or one of the many other free alternatives available on all mobile and desktop platforms. The app displays a code that the user must enter upon login.

 

No additional setup or Internet connection is needed. Choose a field in the users table to store the user's security code.

 

The project name will be displayed in the Authenticator app. Enter the name of your app there.
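
Why no Internet connection is needed: the app and the server each compute the code from a shared key and the current time. The following is an added PHP example of RFC 6238 TOTP, not PHPRunner's own code. The function names, the parameters (HMAC-SHA1, 30-second step, 6 digits, one step of clock drift) and the sample key are assumptions chosen for illustration.

```php
<?php
// Added illustration of RFC 6238 TOTP; not PHPRunner's implementation.
// Assumed parameters: HMAC-SHA1, 30-second time step, 6 digits.

// Decode the Base32 secret that authenticator apps import from the QR code.
function base32Decode(string $b32): string {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $pos = strpos($alphabet, $ch);
        if ($pos === false) {
            throw new InvalidArgumentException('Invalid Base32 character');
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) {          // drop trailing padding bits
            $out .= chr(bindec($byte));
        }
    }
    return $out;
}

// Code for a given Unix time: HOTP over the number of elapsed time steps.
function totp(string $key, int $time, int $step = 30, int $digits = 6): string {
    $counter = pack('J', intdiv($time, $step));          // 8-byte big-endian
    $hash = hash_hmac('sha1', $counter, $key, true);
    $offset = ord($hash[19]) & 0x0F;                     // dynamic truncation
    $bin = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($bin % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// Accept the current step and $window steps either side to absorb clock drift.
// hash_equals() keeps the comparison constant-time.
function verifyTotp(string $key, string $code, int $now, int $window = 1): bool {
    $ok = false;
    for ($i = -$window; $i <= $window; $i++) {
        $ok = hash_equals(totp($key, $now + $i * 30), $code) || $ok;
    }
    return $ok;
}

// Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32.
$key = base32Decode('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ');
var_dump(totp($key, 59));                      // code at the RFC test time T=59
var_dump(verifyTotp($key, '287082', 59 + 30)); // same code, one step later
var_dump(verifyTotp($key, '287082', 59 + 90)); // same code, three steps later
```

With TOTP the server has to keep the shared key, and anyone who can read it can compute valid codes, so restrict access to whichever field stores it.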

 

SMS

 

Enable the two-factor phone authentication and select the field containing the user's phone number. You can also set the country code prefix for the numbers without the country code in your database.

 

The next step is to set up the SMS Settings. If you use the Twilio messaging platform, fill in the Twilio Account SID, Twilio Auth Token and the number registered with Twilio fields.

 

You can also set up the SMS settings on the Miscellaneous screen.

 

If you have chosen a different SMS provider, you need to activate it first by making several changes in your source folder. See SMS settings for instructions.

 

After you finish configuring the SMS settings, you can customize the message by pressing the Message button.

Email

This method is similar to the phone/SMS option. The app sends an email with a code to the user. The user must enter this code on the site to confirm their identity.

 

You need to provide email settings in order to send email. The email settings can also be accessed via the Miscellaneous screen. You can also customize the email message by clicking the Message button.

 

Customizing 2FA behavior

 

The following code can be added to AfterAppInit event in order to change the number of allowed a.

 

 

 

//    number of allowed attempts to enter the code.
$twoFactorAttempts = 5;
//    number of seconds the two-factor verification code is valid
$twoFactorCodeLifetime = 5*60;

 

 

Security related topics:

Security screen

Login form appearance

Registration and passwords

Advanced security settings

User group permissions

Dynamic permissions

Audit and record locking

Encryption

Session keys

Active Directory

Facebook connect

Sign in with Google

CAPTCHA on authentication pages

See also:

Security API

Datasource tables screen

Miscellaneous settings

Page Designer

Event editor

 
