* refactor(web): improve 2fa enrollment process

This PR will change some of the wording and colours for the 2FA processes in order to provide more clarity and address some accessibility issues for end users.

The following is a summary of the changes:

* One-Time Password ⭢ Time-based One-Time Password
* Security Key ⭢ Security Key - U2F

![Screenshot_2021-02-02-09-36-17](https://user-images.githubusercontent.com/3339418/107138185-17656100-6967-11eb-8fac-9e75c7a82d09.png)

* QRCode ⭢ QR Code

![Screenshot_2021-02-07-05-07-25](https://user-images.githubusercontent.com/3339418/107138196-29df9a80-6967-11eb-811f-d77c9bb0159e.png)

* `Not registered yet?` text to display `Lost device?` if a user has already registered a device of said type

![Screenshot_2021-02-02-10-24-54](https://user-images.githubusercontent.com/3339418/107138205-395ee380-6967-11eb-8826-83e1438dd146.png)

* Change button and text colour in e-mails that Authelia generates
* Change Authelia email footer to be more security conscious

![Screenshot_2021-02-07-04-51-40](https://user-images.githubusercontent.com/3339418/107138211-4085f180-6967-11eb-890b-9d931bd1ce76.png)

The docs have also been updated to clarify the 2fa device enrollment limitation which only allows users to register one of each device type concurrently.

Closes #1560.
layout | title | parent | nav_order |
---|---|---|---|
default | Time-based One-Time Password | Configuration | 4 |
Time-based One-Time Password
Authelia uses time-based one-time passwords as the OTP method. You can tune the settings of the TOTP generation. A full example of the TOTP configuration is shown below, followed by sections describing each option.
```yaml
totp:
  issuer: authelia.com
  period: 30
  skew: 1
```
Issuer
Applications generating one-time passwords usually display an issuer to differentiate applications registered by the user.
Authelia allows customisation of the issuer to differentiate the entry created by Authelia from others.
Period and Skew
The period and skew configuration parameters affect each other. The default values are a period of 30 and a skew of 1. It is highly recommended you do not change these unless you wish to set skew to 0.
The way you configure these affects security by changing the length of time a one-time password is valid for. The formula to calculate the effective validity period is `period + (period * skew * 2)`. For example period 30 and skew 1 would result in 90 seconds of validity, and period 30 and skew 2 would result in 150 seconds of validity.
Period
Configures the period of time in seconds a one-time password is current for. It is important to note that changing this value will require your users to register their application again.
It is recommended to keep this value set to 30. The minimum is 1.
Skew
Configures the number of one-time passwords either side of the current one that are considered valid. Each time you increase this, two more one-time passwords become valid. For example the default of 1 has a total of 3 one-time passwords valid. A value of 2 has 5 one-time passwords valid.
It is recommended to keep this value set to 0 or 1. The minimum is 0.
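
The validity window described under Period and Skew can be measured directly. The following is an added example, not Authelia's own code: a minimal RFC 6238-style validator (HMAC-SHA1, 6 digits) that counts for how many seconds a single one-time password is accepted at each skew setting. The function names are hypothetical and the secret is the RFC 4226 test key, used here as constructed sample input.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
)

// hotp returns the 6-digit RFC 4226 code for one time step (HMAC-SHA1).
func hotp(secret []byte, step uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], step)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", bin%1000000)
}

// validate accepts code if it matches the current step or any step within skew of it.
func validate(secret []byte, code string, now, period, skew int64) bool {
	current := now / period
	ok := false
	for s := current - skew; s <= current+skew; s++ {
		if s >= 0 && hmac.Equal([]byte(hotp(secret, uint64(s))), []byte(code)) {
			ok = true // no early return: every candidate step is compared
		}
	}
	return ok
}

// acceptedSeconds counts the seconds in [from, to) at which code is accepted.
func acceptedSeconds(secret []byte, code string, period, skew, from, to int64) int64 {
	var n int64
	for t := from; t < to; t++ {
		if validate(secret, code, t, period, skew) {
			n++
		}
	}
	return n
}

func main() {
	secret := []byte("12345678901234567890") // constructed sample: RFC 4226 test key
	code := hotp(secret, 4)                  // code for seconds 120-149 at period 30
	for _, skew := range []int64{0, 1, 2} {
		fmt.Printf("skew=%d formula=%ds measured=%ds\n",
			skew, 30+30*skew*2, acceptedSeconds(secret, code, 30, skew, 0, 240))
	}
}
```

The measured window matches `period + (period * skew * 2)` for each skew value, which is the time an intercepted one-time password remains usable.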