We recently implemented Two-Factor Authentication (2FA) in Alfresco for one of our customers. 2FA adds an extra security step to your login procedure. The default username and password are your single factor of authentication. The second factor is a token you receive by using your mobile phone or another mobile device. Combining the username, password and token gives you access to your online Alfresco platform.
How does it work?
We generate a QR image (token) by using the Google Charts API. You scan the QR image with the Google Authenticator App, which then shows a 6-digit number that refreshes every 30 seconds.
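The mechanism described above, as an added example that is not the code of the Alfresco implementation: it builds the otpauth:// URI that such a QR image carries and checks the 6-digit, 30-second code (RFC 6238 TOTP over RFC 4226 HOTP) with a drift window and replay rejection. The function names, the account "jdoe" and the issuer "Alfresco" are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote, urlencode

STEP = 30    # seconds each code is valid, as described in the post
DIGITS = 6   # code length, as described in the post

def new_secret():
    """Random 160-bit shared secret, Base32-encoded for the authenticator app."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def provisioning_uri(secret_b32, account, issuer):
    """otpauth:// URI carried by the enrolment QR image (Key URI format)."""
    params = urlencode({"secret": secret_b32, "issuer": issuer,
                        "digits": DIGITS, "period": STEP}, quote_via=quote)
    return f"otpauth://totp/{quote(issuer)}:{quote(account)}?{params}"

def hotp(secret_b32, counter):
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def totp(secret_b32, at=None):
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret_b32, int((time.time() if at is None else at) // STEP))

def verify(secret_b32, submitted, last_counter=-1, at=None, window=1):
    """Return the matched time-step counter, or None.

    Accepts +/- `window` steps of clock drift and rejects any counter that is
    not newer than `last_counter`, so a code cannot be used twice.
    """
    now = int((time.time() if at is None else at) // STEP)
    matched = None
    for counter in range(max(0, now - window), now + window + 1):
        expected = hotp(secret_b32, counter).encode()
        # Constant-time comparison; every candidate step is always checked.
        if hmac.compare_digest(expected, submitted.encode()) and counter > last_counter:
            matched = counter
    return matched

if __name__ == "__main__":
    secret = new_secret()                                # stored server-side per user
    print(provisioning_uri(secret, "jdoe", "Alfresco"))  # constructed sample names
    print(totp(secret))
```

The URI contains the shared secret, so any service that renders it into a QR image sees that secret. Store the counter returned by `verify` per user and pass it back as `last_counter` on the next login.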
No third-party costs involved
We built a 2FA mechanism without using a 2FA provider. Of course, the options in this scenario are limited, because you can only use the Google Authenticator mechanism. The percentage of smartphone users will continue to grow, so SMS-supported authentication will be less of a requirement in the future. This solution is a good alternative for companies that want an extra security layer for their public Alfresco platform without any third-party costs involved.
The Google Authenticator App is freely available for any smartphone (iPhone, Android or Microsoft).