2fa with Google Auth

Started by kapara, October 27, 2016, 07:20:09 PM

October 27, 2016, 07:20:09 PM Last Edit: October 27, 2016, 08:25:51 PM by kapara
I am curious how this works. Is the two factor communicating directly with Google or does this service work through a server hosted by OPNsense? If I change the firewall name or domain in the firewall, will it break the 2FA, as in the Google Auth app it says fadmin@OPNsense?

Also, if the backup is disabled to force login with 2FA, if for some reason I am unable to log in again, is there a way to disable it from SSH or console so that I can get back in?

Hi kapara,

Today, we do not need Google anymore for this. The QR code is displayed using JavaScript and you can find other TOTP-based apps in your phone's respective app store. I just tried it for the first time (not the author of that integration) and it works fine. I used the "Authenticator" app from iOS.

TOTP is a standard RFC, you can read about it here: https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm

Tokens are time-based; they don't work for longer than 30 seconds. So when you have to log in again, you need to use a new token.


Cheers,
Franco