@dtwardy wrote:
Are there any plans on integrating 2 factor authentication in pkp library or OJS? Concerning the (apparently) growing attacks on journals, stronger authentication methods might be a good idea. While SMS based services come at a cost, FIDO's U2F method will only generate costs once for users (~$10 and up). Those keys can also be used to login into other services and even some systems. Chrome and Opera already natively support it, Microsoft is part of the consortium and working on integrating it into Windows 10 and Edge and there's a Firefox plugin to support U2F.
There's library provided on github under BSD license by the original developers and even Wordpress supports it by now.
see following links:
Fido Alliance
Ars Technica article
Discussion on NIST denouncing SMS 2FAIn my opinion there's no way past 2FA to strengthen OJS's security.
Posts: 1
Participants: 1