A two-factor authentication, as the name suggests, requires a second factor in addition to the classic primary password key. Strictly speaking, even a login with username and two different passwords would be two-factor authentication; even though this would not add any security value.

Often, so-called one-time passwords are used as a second factor.

These are either taken from a list or generated by a generator. In any case, with these OTPs it must be ensured that server and client (system and user) always know synchronously which OTP is currently valid.

Back to topic: two-factor authentication often uses one-time passwords as a second factor, but OTPs can also be used beyond two-factor authentication as an autonomous security mechanism.

The payment service provider “Klarna”, for example, completely waives asking for the classic password and storing it. Instead, every time a known user logs in, the delivery of a one-time password to the user via SMS is triggered.

This approach is actually quite clever, as it minimizes the risks involved in storing a password with the web service provider. In the event of a security breach, attackers could not capture sensitive login data.

An additional security risk does not arise from the exclusive OTP login. On the contrary, the elimination of the “password reset functions” closes a potential attack vector, since this function is simply obsolete.

Der Beitrag Two-Factor Authentication vs. One-Time-Password (OTP) – difference and correlation erschien zuerst auf Pixelfriedhof.

The following manual describes how to deactivate Two-Factor-Authentication via the database-backend to regain access to the Joomla-backend.

Follow the following steps to enable a user to login into the Joomla-backend without having to enter a two-factor-code.
Please replace prefix ‘#####’ with the prefix used in your Joomla-database. Every Joomla-installation uses an individual prefix.

Keine Produkte gefunden.

1. Log in to the database management tool of your choice (PHPMyAdmin, SQL ManagementStudio eg.)
2. The table “#####_extensions” contains all the plugins registered in your Joomla-installation.  One f them is the plugin for Google’s Two-Factor-Authentication. Open this table.
3. Search the table “#####_extensions” for the row with the entry “plg_twofactorauth_totp” in the column “name”.
4. Set the entry of the colum “enabled” from 1 to 0. 
5. The table “#####_users” contains all users. Open this table.
6. Search the table “#####_users” for the row containing the affected username.
7. Search for the column “otpKey” in the row of the affected user from step 6. Note that entry for security reasons.
8. Search for the column “otep” in the row of the affected user from step 6. Note that entry for security reasons.
9. Delete both entrys from steps 7 and 8 out of the database.
10. Log in to the Joomla-backend with the affected user without providing a two-factor-code.

Keine Produkte gefunden.

All the links in this text are Amazon Affiliate Links, and by clicking on an affiliate link I will earn a percentage of your subsequent Amazon purchases. However, this circumstance does not influence the background of my product recommendation. This product recommendation is independent, honest and sincere. 

Bei allen genannten Links handelt es sich um Amazon-Affiliate-Links. Durch einen Klick auf einen Affiliate-Link werde ich prozentual an Euren darauf folgenden Amazon-Einkäufen beteiligt. Dieser Umstand beeinflusst aber nicht die Hintergründe meiner Produktempfehlung. Diese Produktempfehlung erfolgt unabhängig, ehrlich und aufrichtig.

Der Beitrag How to deactivate Google Two-Factor-Authentication in Joomla via database erschien zuerst auf Pixelfriedhof.