Hello, I am looking for a way to make my Piwigo more secure, and preventing bots and bad actors from trying to log into my Piwigo site.
A lot of other sites / apps I use have a 2FA / MFA setup, where you are given a code (either a string of characters, or a QR code), and you add it to an App on your phone, such as Google Authenticator, Duo, Authy, etc. When you try to log into your account, you are prompted to type in this code from your phone.
Can something like this be added to Piwigo, either as a core security feature, or a plugin? I did look for a pluging, but didn't see one that offered this functionality.
Thank you!
Offline
hello
https://piwigo.org/ext/extension_view.php?eid=933
for exemple
Offline
I think they more meant TOTP instead of some mailed verification code, but there doesn't seem to be such thing.
Offline
erAck - yes, exactly, thank you. My setup makes it tricky to send emails, so I prefer 2FA via TOTP. (That was the phrase I was looking for, thank you!)
Offline
Mind you that MFA does not work on all themes, I have been testing some boostrap themes and is right now a showstopper since the available captcha solutions do not work on most, if not all, of those themes
Offline