Home Explore Help
Sign In
other
/
pma
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 1da8bfe8dd
Branches Tags
pma
/
doc
/
html
/
_sources
/
two_factor.rst.txt

two_factor.rst.txt 2.8 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 
  1. .. _2fa:
    2. 

  2. 

  3. Two-factor authentication
    4. 

  4. =========================
    5. 

  5. 

  6. .. versionadded:: 4.8.0
    7. 

  7. 

  8. Since phpMyAdmin 4.8.0 you can configure two-factor authentication to be
    9. 

  9. used when logging in. To use this, you first need to configure the
    10. 

  10. :ref:`linked-tables`. Once this is done, every user can opt-in for the second
    11. 

  11. authentication factor in the :guilabel:`Settings`.
    12. 

  12. 

  13. When running phpMyAdmin from the Git source repository, the dependencies must be installed
    14. 

  14. manually; the typical way of doing so is with the command:
    15. 

  15. 

  16. .. code-block:: sh
    17. 

  17. 

  18.     composer require pragmarx/google2fa bacon/bacon-qr-code
    19. 

  19. 

  20. Or when using a hardware security key with FIDO U2F:
    21. 

  21. 

  22. .. code-block:: sh
    23. 

  23. 

  24.     composer require samyoul/u2f-php-server
    25. 

  25. 

  26. Authentication Application (2FA)
    27. 

  27. --------------------------------
    28. 

  28. 

  29. Using an application for authentication is a quite common approach based on HOTP and
    30. 

  30. `TOTP <https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm>`_.
    31. 

  31. It is based on transmitting a private key from phpMyAdmin to the authentication
    32. 

  32. application and the application is then able to generate one time codes based
    33. 

  33. on this key. The easiest way to enter the key in to the application from phpMyAdmin is
    34. 

  34. through scanning a QR code.
    35. 

  35. 

  36. There are dozens of applications available for mobile phones to implement these
    37. 

  37. standards, the most widely used include:
    38. 

  38. 

  39. * `FreeOTP for iOS, Android and Pebble <https://freeotp.github.io/>`_
    40. 

  40. * `Authy for iOS, Android, Chrome, OS X <https://authy.com/>`_
    41. 

  41. * `Google Authenticator for iOS <https://apps.apple.com/us/app/google-authenticator/id388497605>`_
    42. 

  42. * `Google Authenticator for Android <https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2>`_
    43. 

  43. * `LastPass Authenticator for iOS, Android, OS X, Windows <https://lastpass.com/auth/>`_
    44. 

  44. 

  45. Hardware Security Key (FIDO U2F)
    46. 

  46. --------------------------------
    47. 

  47. 

  48. Using hardware tokens is considered to be more secure than a software based
    49. 

  49. solution. phpMyAdmin supports `FIDO U2F <https://en.wikipedia.org/wiki/Universal_2nd_Factor>`_
    50. 

  50. tokens.
    51. 

  51. 

  52. There are several manufacturers of these tokens, for example:
    53. 

  53. 

  54. * `youbico FIDO U2F Security Key <https://www.yubico.com/fido-u2f/>`_
    55. 

  55. * `HyperFIDO <https://www.hypersecu.com/tmp/products/hyperfido>`_
    56. 

  56. * `Trezor Hardware Wallet <https://trezor.io/?offer_id=12&aff_id=1592&source=phpmyadmin>`_ can act as an `U2F token <https://wiki.trezor.io/User_manual:Two-factor_Authentication_with_U2F>`_
    57. 

  57. * `List of Two Factor Auth (2FA) Dongles <https://www.dongleauth.info/dongles/>`_
    58. 

  58. 

  59. .. _simple2fa:
    60. 

  60. 

  61. Simple two-factor authentication
    62. 

  62. --------------------------------
    63. 

  63. 

  64. This authentication is included for testing and demonstration purposes only as
    65. 

  65. it really does not provide two-factor authentication, it just asks the user to confirm login by
    66. 

  66. clicking on the button.
    67. 

  67. 

  68. It should not be used in the production and is disabled unless
    69. 

  69. :config:option:`$cfg['DBG']['simple2fa']` is set.
    70.