Email/SMS 2-factor authentication (TfaEmail)

This is a push-based two-factor authentication method, where it sends out an email or SMS message to you with your authentication code.

Unlike TOTP, it doesn't rely on shared secrets/keys or algorithms, and instead verifies your identity based on your access to a particular email address or phone number. Whether that's beneficial or not depends on how secure that access is.

In the case of our TfaEmail module, it actually just relies upon email. But because phone numbers you can send an SMS/text to generally have a corresponding email address, this enables you to use it as an SMS delivery method as well. For instance, here's how you can send an SMS/text to various different phone companies (let's say your phone number was 123-456-7890, below are the email addresses you would use):

  • AT&T: 1234567890@txt.att.net
  • Project Fi: 1234567890@msg.fi.google.com
  • Sprint: 1234567890@messaging.sprintpcs.com
  • T-Mobile: 1234567890@tmomail.net
  • Verizon: 1234567890@vtext.com

Those are just examples. If you don't see your provider, just google "email to SMS [provider]" and it should be easy to find. Whether using email-to-SMS is ideal for this purpose, I don't really know—I only became familiar with the universality of email-to-SMS within the last week. But I do know that I want to make a lot of two-factor authentication methods available for ProcessWire, and that any authentication that adds two-factor on top of username/password requirements is going to be a nice security improvement over authentication that lacks it.

One benefit of this push-based approach is that if someone manages to get your username and password, you'll likely find out about it pretty quickly as you'll get an email or text about it immediately. Meanwhile, the attacker won't be able to login, unless they've already managed to break into your email (or SMS if using that).

Twitter updates

  • This week we’re proud to announce the newest ProcessWire master version 3.0.164. Relative to the previous master (3.0.148) this version adds a ton of new & useful features and fixes more than 85 issues, with more than 225 commits over 7 months— More
    7 August 2020
  • ProcessWire 3.0.163 resolves more than a dozen issue reports and adds new hooks and configurable module install options, among numerous other updates. In addition, a major update to ProCache (v4.0) has been released— More
    24 July 2020
  • Weekly update for 17 July 2020 and a look at new features coming in next week's version of ProCache— More
    17 July 2020

Latest news

  • ProcessWire Weekly #326
    In the 326th issue of ProcessWire Weekly we're going to introduce the latest ProcessWire master version, take a quick look at a brand new third party module called Textformatter Video Markup, and more. Read on!
    Weekly.pw / 8 August 2020
  • ProcessWire 3.0.164 new master version
    This week we’re proud to announce the newest ProcessWire master version 3.0.164. Relative to the previous master version (3.0.148) this version adds a ton of new and useful features and fixes more than 85 issues, with more than 225 commits over a period of 7 months.
    Blog / 7 August 2020
  • Subscribe to weekly ProcessWire news

“We chose ProcessWire because of its excellent architecture, modular extensibility and the internal API. The CMS offers the necessary flexibility and performance for such a complex website like superbude.de. ProcessWire offers options that are only available for larger systems, such as Drupal, and allows a much slimmer development process.” —xport communication GmbH