
How to set Double authentification for Catalog and Administration Login by TOTP



Time-based one-time password (TOTP) is a computer algorithm that generates a one-time password (OTP) that uses the current time as a source of uniqueness. As an extension of the HMAC-based one-time password algorithm (HOTP), it has been adopted as Internet Engineering Task Force (IETF) standard RFC 6238.[1]

TOTP is the cornerstone of Initiative for Open Authentication (OATH), and is used in a number of two-factor authentication (2FA) systems.

 

A Time-Based One-Time Password, or TOTP, is a short passcode computed from a shared secret and the current system time. Each code is valid for one time step (30 seconds by default); servers commonly accept one adjacent step on either side to tolerate clock drift, so in practice a code may be accepted for up to about 90 seconds.

 

How it works inside ClicShopping:

 

There are two options you can activate: one protecting the administration login and one protecting the catalog (customer) login. The approach is the same for both. You enter your email and password and are redirected to the TOTP page, which shows a QR code. You only have to scan that code with the authenticator app on your phone.

 

Administration Login:


Protection 1: Connection

You must enter your login and password. If they are not accepted, you must start again; this is the normal security process.

 

Protection 2: IP identification

Your IP address is recorded every time you try to log in to the administration. After 5 failed attempts (the number is configurable), the account is blocked and you must wait before trying again.

 

You can also receive an email notifying you when someone tries to connect to your administration.
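The lockout described above, as an added example that is not ClicShopping's own code: a per-IP counter of failed logins over a sliding window, a lockout that expires on its own, and a notification hook for the email alert. The threshold of 5 comes from the text; the window and lockout durations and the `notify` callback are assumptions.

```python
import time
from collections import defaultdict


class LoginThrottle:
    """Track failed logins per source IP and lock the source out after
    `max_failures` failures inside `window` seconds, for `lockout` seconds.
    Parameters other than the 5-attempt default are assumed; the page does
    not give ClicShopping's own values."""

    def __init__(self, max_failures=5, window=900, lockout=900, notify=None):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.notify = notify            # e.g. a function that sends the alert email
        self.failures = defaultdict(list)   # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> unix time the lock expires

    def is_locked(self, ip, now=None):
        """True while the source is locked out; expired locks are cleared."""
        now = time.time() if now is None else now
        until = self.locked_until.get(ip)
        if until is None:
            return False
        if now >= until:
            del self.locked_until[ip]
            self.failures.pop(ip, None)
            return False
        return True

    def record_failure(self, ip, now=None):
        """Register a failed attempt; returns True if this one triggers a lock."""
        now = time.time() if now is None else now
        # keep only failures that are still inside the sliding window
        recent = [t for t in self.failures[ip] if now - t < self.window]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = now + self.lockout
            if self.notify is not None:
                self.notify(ip, now)
            return True
        return False

    def record_success(self, ip):
        """A successful login resets the counter for that source."""
        self.failures.pop(ip, None)


def attempt_login(throttle, ip, password_ok, now=None):
    """Glue showing the order of checks: refuse locked sources before even
    looking at the credentials, so a locked attacker learns nothing."""
    if throttle.is_locked(ip, now):
        return "locked"
    if password_ok:
        throttle.record_success(ip)
        return "ok"
    throttle.record_failure(ip, now)
    return "denied"
```

Checking the lock before validating the password keeps the lockout from being used as a password oracle, and the sliding window means five slow guesses spread over a day do not trigger it while five in a minute do.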

 

Protection 3: Two-factor authentication by TOTP (optional)

This option adds TOTP verification to the login. The process is quite simple.

 

If you activate TOTP, the first time you connect to the administration a TOTP shared secret is generated and saved in your database.

A QR code then appears; you complete your identification by scanning the QR code with your authenticator app and entering the number the app displays.

The server computes the expected TOTP value from the stored secret and the current time, compares it with the number you entered, and allows or refuses access to the administration.

 

The login

This is the same process as for the administration.


Protection 1: Connection

You must enter your login and password. If they are not accepted, you must start again; this is the normal security process.

 

Protection 2: Two-factor authentication by TOTP (optional)

Same process as for the administration TOTP authentication.

 

Conclusion:

This approach is not a perfect security process, but it gives you something better with little friction for the customer. It is in line with the regulatory recommendations proposed in Europe.

 

You can activate this process for the administration only or for the catalog only; the two are independent.

 

For example, Amazon is more restrictive with its two-step verification because you must receive a code on your smartphone. The problem with this approach is that if you try to connect from another computer and do not have your phone, you cannot log in. With the TOTP process implemented in ClicShopping, the shared secret works with any standard authenticator app, so you can use it from any computer.

 

To increase application and data-storage security there is always a compromise to choose, and there is always a repercussion for your customer. At one moment it can be transparent; at another, the customer must perform an action.

 

You can also further increase security by adding an antispam app and by applying different security approaches to the different ClicShopping forms.


The point addressed here concerns identification only.
