Two Factor Authentication (2FA)
It's possible to use 2FA from GUI's version 20.
Be sure you have synchronized time on your GUI's server because 2FA pins(codes) are time limited. (install ntp service there)
Settings in the GUI
- user with admin permissions can activate 2FA's requirement for any user (in GUI->Users & Audit). When its enabled, the 2fa setup is required.
- admin user can delete actual 2FA secret from user's account (in GUI->Users & Audit)
- user can change/setup its 2FA secret in the section GUI->User settings->Change user auth. This option joins the password and the 2FA setting.
- follow the setup dialog
Setting of the 2FA code generator
you can use various 2FA applications:
- Google Authenticator for Android https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
- Google Authenticator for IOS https://itunes.apple.com/cz/app/google-authenticator/id388497605?mt=8
- Google Authenticator as plugin for Chrome Browser https://chrome.google.com/webstore/detail/google-authenticator/njkhnbmlaefgkjpaghgphiceaocdblgl
- Authenticator plugin for Firefox https://addons.mozilla.org/en-US/firefox/addon/auth-helper/?src=search
Import account setting from QR code into yours application and start to use it.
- You can disable 2FA authentication for any user inside database with following query
mysql> update users set secret = null, req_2fa = 0 where username = 'USER';