2-factor authentication for phpMyAdmin

This week, I worked on adding two-factor authentication support for phpMyAdmin. This is by far the most interesting feature I worked on. I never really worked keenly on the security aspect of any software. This indeed has been a very good learning experience.           DuoScreen_740.png

Here is the process:

  1. Log in to your account normally.
  2. Access setup2FA.php. I have not figured out where to place the link which directly takes you to the page. That is more of a user-experience issue and I leave it for the team to advise me on that.                                                                                                                                      Screenshot_20170714_121959.png
  3. Open Google Authenticator (or Authy or whatever you prefer). Scan the barcode with your app. It now starts generating TOTP on your app.                                                               Screenshot_20170714-124414.png
  4. Enter the TOTP in the text field and click submit. Done!!. You now have successfully added 2-factor authentication to you PMA account.                                                Screenshot_20170714_122950.png
  5. When you log in next time, after you enter your credentials, you will be asked for TOTP.Screenshot_20170714_123431.png
  6. Enter the TOTP generated. You will not be logged in unless you clear this step. That’s it!! :D.

I am yet to add a way to delete 2-factor authentication. You can check-out the code from my branch. I will make a pull request after I add the deletion part also.

Since this is a security feature, I feel this requires thorough testing.

Special thanks to TwoFactorAuth library.

Edit: Submitted pull request – https://github.com/phpmyadmin/phpmyadmin/pull/13495

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s