
Implementation time for Multi Factor Authentication using TOTP

New Here, May 04, 2020


Our security team wants us to implement Multi Factor Authentication using a token based system. I located https://github.com/marcins/cf-google-authenticator which references CF10 and I was pleased because we still haven't been approved to move our app from CF 11 to a supported version, but beyond serving as a sample, has anybody got any idea how long it might take to implement either Google Authenticator OR another token based system?

 

I'm being told that other 2FA methods are not approved (SMS, Email, etc) because they are not secure so they aren't options at this time.

 

Any advice, recommendations, or realtime experience (it took us x long) would be appreciated. I hope this wasn't too vague, I just don't want to put too much in the post.

TOPICS
Advanced techniques , Getting started , Security

Enthusiast, Jun 09, 2020


I recently added TOTP (Time-Based One-Time) to our login framework using the CF-Google-Authenticator CFC using ColdFusion 2016, but it should work with CF9.  It was pretty easy to integrate and worked right out of the box.  It took me a couple hours to refactor, test and roll out.  I also added SMS & Email 2FA at the same time.
https://github.com/marcins/cf-google-authenticator

Regarding using a mobile app, I recommend using Authy over Google Authenticator:
https://authy.com/

 

Here are some best practices when integrating the MFA INPUT field:
https://www.twilio.com/blog/html-attributes-two-factor-authentication-autocomplete
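The server-side check that a TOTP library performs at login, as an added Python example (not part of any post in this thread and not code from the linked CFML libraries). It assumes the authenticator-app defaults of HMAC-SHA1, 30-second steps and 6 digits; the function names, `DEMO_SECRET` and the `last_used_step` replay guard are this example's own.

```python
import base64, hashlib, hmac, struct, time

STEP = 30     # seconds per time step (assumed authenticator-app default)
DIGITS = 6    # code length (assumed authenticator-app default)
# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
# A real deployment generates a random secret per user at enrollment.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def decode_secret(b32: str) -> bytes:
    """Authenticator apps exchange the shared secret as (often unpadded) base32."""
    b32 = b32.replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))

def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(b32_secret, code, last_used_step, now=None, window=1):
    """Return the matched time step, or None when the code is rejected.

    window=1 also accepts the previous and next step to absorb clock drift.
    The caller stores the returned step per user and passes it back as
    last_used_step, so a code that already logged in cannot be replayed.
    """
    key = decode_secret(b32_secret)
    current = int(time.time() if now is None else now) // STEP
    submitted = code.strip().encode()
    matched = None
    for step in range(max(0, current - window), current + window + 1):
        # Constant-time comparison, and no early exit from the loop.
        same = hmac.compare_digest(hotp(key, step).encode(), submitted)
        if same and matched is None:
            matched = step
    if matched is None:
        return None
    if last_used_step is not None and matched <= last_used_step:
        return None   # same or older step than the last accepted login
    return matched
```

In a login flow the password check comes first, then `verify_totp` runs against the user's stored secret, and the returned step is persisted alongside the account before the session is marked as fully authenticated.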

 

 

Participant, May 03, 2022


Hello James, would you mind sharing your steps on how you were able to set it up?

I am somehow lost at this point after trying with DUO, Authy and I am not able to understand the implementation process.

Thank you very much in advance!

 

Dani

Enthusiast, May 03, 2022


Here's an alternative CFML library. (I'm not sure if it will work with CF11, but ColdBox/WireBox is not required in order to use it.)  There's a one-page demo that should provide some insight.  It's maintained (updated 21 hours ago), has documentation and you could reach out for more assistance if you need help.
https://github.com/coldbox-modules/totp



 

Participant, May 09, 2022


If you want to go the Duo route, using their Duo Web SDK, there's a CFC for that here:

https://github.com/duosecurity/duo_coldfusion

 

Duo Web SDK implementation steps:

https://duo.com/docs/duoweb-v2

 

It's been a few years, but I was successful in getting Duo to work with our CF logins without too much trouble...

 
