Security extension: Two-factor Auth

[marcmascarell]

We would like to have an extension which applies the two-factor auth mechanism.

• Should provide an additional security check that ensures the user is who he says
• While it can implement any PHP package that should not depend on extras like installing X lib on the system
• An example of suitable service could maybe be Authy

[yoyosamo]

Perhaps this may be of use: https://github.com/Spomky-Labs/otphp

Implementing TOTP, which is a widely compatible specification, could be better than using Authy's proprietary API.
TOTP can generate codes using apps for a large variety of devices, they can be generated by anyone on platforms from the common to the obscure (including Authy, if the user so chooses), as opposed to Authy being restricted to what they consider to be 'worthy' of development.

While I'm not quite proficient enough to implement it myself, I hope that this might help steer toward ensuring wide compatibility (and that you don't mind me butting in :P)!

[marcmascarell]

Thanks for the suggestion, it definitely looks good.

I agree with you that this feature should be as wide and open as possible. This package looks like what we need :)