Author Topic: Adding Two-Factor Authentication (2FA) to HFS

LeoNeeson
Adding Two-Factor Authentication (2FA) to HFS
« on: September 23, 2018, 01:16:24 AM »
Since HFS currently depends only on a primitive and weak HTTP/1.1 login system (where, unless you use SSL, the password travels in clear text, encoded in Base64), I was thinking it would be nice if HFS implemented a simple Two-Factor Authentication system (also known as TOTP or 2FA). This system is a time-based password algorithm (which changes every 30 seconds), added on top of the current login. This way, if someone steals the user/pass, they could not get through the TOTP/2FA system (since the 2FA would prevent access to your private account and files, even if they know the password).

- How does this work on the server?
The server needs to generate a secret key (only once, when setting up the 2FA), and it would store that secret key (encoded in Base32) along with the user/pass (I'm always talking about the server part). At user/client level, when TOTP is enabled on HFS, it should check if the credentials (user/pass) are correct first, and then, if they are valid, it should ask for the 2-Factor Authentication Code. To make this work (like I've said), HFS should store (along with the username and password) the 2FA 'secret key' needed to generate the 2FA time-based codes. The rest of the workflow (at server level) can be read here. For end-users, I guess most of you know how Two-Factor Authentication works, since Gmail has already used it for several years (check out this, if you have any doubts).

- Implementing TOTP on HFS using a free Delphi library
After a deep search, I've found a small Delphi/FreePascal/Lazarus library that could make the implementation on HFS easy: https://github.com/nikosdion/timecode

And now that version 2.4 is in beta test (and since HFS is taking a step from v2.3 to v2.4), I think it is a great time to make the server a little more secure by default. I hope Rejetto likes and welcomes the idea, and if anyone here could collaborate at code level to make this work on HFS, it would be great :) (this is only a suggestion, not a petition to add it).

Cheers,
Leo.-
• HFS is now also available in Spanish! (Click here)

bmartino1
Re: Adding Two-Factor Authentication (2FA) to HFS
« Reply #1 on: September 23, 2018, 06:34:27 AM »
I'm only trying to help, I mean no offense.
Thank you for your time and patience,
Bmartino1