Jump to content

Best practise for setting up another user's 2FA?


Guy Incognito
 Share

Recommended Posts

What's the best process for adding another user with TfaTotp 2FA? Just using it for the first time.

Should I supply them with them with the secret when I first create their account? Seems like a security risk?

Otherwise how do I create a 2FA user and let them login for the first time?

Link to comment
Share on other sites

6 hours ago, adrian said:

You create the user and then follow the instructions in this post https://processwire.com/blog/posts/pw-3.0.159/ which explains how to force the user to set up 2FA themselves.

Ok I was only on latest master. Have updated and now have the options screen in that blog post.

But unless I'm thick I still can't figure out how to force TOTP? I see you can 'strongly suggest'.

I see Ryan wrote

Quote

ProcessWire hasn’t had an option to force users to use two-factor authentication, but likely will by next week. 

Has it just not happened yet?

Link to comment
Share on other sites

3 minutes ago, adrian said:

Not certain, but it sounds like it hasn't made it in yet - sorry, I forgot that feature wasn't in yet.

No probs thanks for your help. This is the first time using PW 2FA on a client project and just making sure I get my facts straight before looking like a fool ?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...