sinamics/ztnet

[Feature Request]: MFA possibility

Closed this issue · 1 comment

🚀 Feature Summary

2FA to ZTNET services

๐Ÿ“ Detailed Description

Description for Adding 2FA to ZTNET

To enhance security for new clients joining a network, we propose implementing a two-factor authentication (2FA) process:

User Generation:
    When a client requests to join a network, ZTNET generates a unique user ID and temporary password.

OTP Code:
    The client receives a One-Time Password (OTP) via a secure channel (email, SMS, or authenticator app).

Login and Authentication:
    The client logs in using the generated user ID and temporary password.
    They enter the OTP to complete the authentication and join the network.

Password Update:
    After the first login, the client is prompted to change their password to a personal, secure one.

This process ensures that only authorized users can join the network, providing an additional layer of security with 2FA.

🎯 Use Case

Example of 2FA Implementation on ZTNET for User "wopr"

User Registration:
    The user "wopr" is registered in a specific organization on ZTNET.
    A unique user ID and temporary password are generated for "wopr".

QR Code for OTP:
    Upon registration, "wopr" receives a QR code via email.
    The QR code can be scanned using an authenticator app (e.g., Google Authenticator) to generate the OTP.

Login and MFA Page:
    Before joining the desired network, "wopr" must log in on the ZTNET MFA page.
    "wopr" uses the user ID and temporary password for the initial login.

Entering OTP:
    After logging in with the temporary credentials, "wopr" is prompted to enter the OTP generated by the authenticator app.
    Upon successful entry of the OTP, "wopr" is authenticated.

Network Access:
    Once authenticated via MFA, "wopr" is authorized to join the specified network.

Password Update:
    "wopr" is then prompted to update the temporary password to a secure, personal password.

This process ensures that "wopr" undergoes a secure MFA procedure before gaining access to the network, adding an extra layer of security by using a QR code for OTP generation.

💡 Willing to Contribute

No, I can only suggest the feature but cannot help in development or testing

Or perhaps simpler, the generated OTP code is added to the ID of the network on which to connect for validation.