2-factor authentication in Cyclos 4

Here you can put ideas for new functionalities and improvements.

Moderators: rmvanarkel, hugo, alexandre

Post Reply
cycloshost
Posts: 578
Joined: Mon Jan 30, 2012 8:12 am
Contact:

2-factor authentication in Cyclos 4

Post by cycloshost »

Hi, we would like to know if a 2-factor authentication is planned, like for example Google authenticator or a TAN system, we were discussing that already here:
http://www.cyclos.org/forum/viewtopic.php?f=2&t=1221

Thanks!
cycloshost.com
Cyclos administration and hosting
admin
Site Admin
Posts: 1424
Joined: Mon Jan 24, 2005 10:31 am

Re: 2-factor authentication in Cyclos 4

Post by admin »

Hi,

We have a general meeting next week with all the developers and coordinators.
I will put 2-way authentification on the discussion list and respond to this post with the outcome.
BBank
Posts: 2
Joined: Thu Jun 06, 2013 1:44 pm

Re: 2-factor authentication in Cyclos 4

Post by BBank »

admin wrote:Hi,

We have a general meeting next week with all the developers and coordinators.
I will put 2-way authentification on the discussion list and respond to this post with the outcome.

What was the outcome of the meeting?
admin
Site Admin
Posts: 1424
Joined: Mon Jan 24, 2005 10:31 am

Re: 2-factor authentication in Cyclos 4

Post by admin »

Currently Cyclos4 does offers solid security. Of course security is an ongoing task and we will improve and extend the security where possbile. One of the options that will plan to add is to have an OTP (one time password) option for transaction types and other operations. Depending on the OTP can be send via channels SMS, e-mail and voice call. We are also doing research on biometric authentication and NFC. Any news on this will be included in the newsletter.
Bitcoin
Posts: 7
Joined: Tue Nov 20, 2012 9:58 am

Re: 2-factor authentication in Cyclos 4

Post by Bitcoin »

I would like to see 2 factor google auth as well
nonobaya
Posts: 48
Joined: Mon Nov 19, 2012 4:11 pm

Re: 2-factor authentication in Cyclos 4

Post by nonobaya »

admin wrote:Currently Cyclos4 does offers solid security. Of course security is an ongoing task and we will improve and extend the security where possbile. One of the options that will plan to add is to have an OTP (one time password) option for transaction types and other operations. Depending on the OTP can be send via channels SMS, e-mail and voice call. We are also doing research on biometric authentication and NFC. Any news on this will be included in the newsletter.
Hello Admin,

Is there any news about OTP

thanks
rmvanarkel
Posts: 247
Joined: Tue Oct 05, 2010 1:14 pm

Re: 2-factor authentication in Cyclos 4

Post by rmvanarkel »

It is on top of our wishlist for Cyclos 4.4, so most probably it will be implemented then.
judahmu
Posts: 10
Joined: Mon Jul 01, 2013 10:14 am

Re: 2-factor authentication in Cyclos 4

Post by judahmu »

I wrote a Google Authenticator module into Cyclos3.7. I'd be willing to share the code if it would help for Cyclos4...
Image
Image
admin_de2
Posts: 81
Joined: Wed Dec 31, 1969 9:00 pm

Re: 2-factor authentication in Cyclos 4

Post by admin_de2 »

Dear Cyclos-Team,

is there any 2FA solution out there which is able to use Google-Auth, Authy, Windows Hello, etc.?

We miss that to.

It's a task since ... 2005 and a promise since ... 2013.

Any progress here?

We hit the security guideline now with it.

Thank you,
Thomas
alexandre
Posts: 950
Joined: Wed Sep 06, 2006 9:06 am

Re: 2-factor authentication in Cyclos 4

Post by alexandre »

Hi,

At the channel config you can define a password type to be used as login confirmation method.
This password type can be a plain text, virtual beyboard, OTP sent by email or sms

Regards
Alexandre Caurrinhos
Cyclos development team.
rmvanarkel
Posts: 247
Joined: Tue Oct 05, 2010 1:14 pm

Re: 2-factor authentication in Cyclos 4

Post by rmvanarkel »

Dear Thomas,

To elaborate a bit on what Alexandre wrote. We already support 2 factor authentication for quite some time now. You can set this in the Cyclos channel configuration. To elaborate a bit more:

OTP - This is a 1 time password that will be send to the users his email address or phone by SMS.

Trusted devices - Also trusted devices can be used for 2 factor authenthicaiton. A trusted device is the Cyclos app in which a trusted device has been activated. When a trusted device is activated a secret key is stored on the device. This key never leaves the device and can't be cracked because we use strong encryption (AES). You can use this device for example to confirm a payment or as a secondary login. It just works by scanning a QR code with the Cyclos mobile app. Actually, a lot of banks use the same setup nowadays. By combining the use of the mobile app together with SMS (also in Cyclos it is possible to let the user decide to use OTP or a trusted device to confirm something).

Warm regards,

The Cyclos team.
Post Reply