#1499 Feature request: enhance security by adding support for 2-factor-authentication via Google Authenticator

Needs_decision
open
nobody
4
2014-05-08
2014-02-02
RobertHarm
No

My hoster recently added support for securing the hosting admin panel with 2-Factor-Authentification, using Google Authenticator. The only "weak" link left is the phpmyadmin access which does not support that.

It would be great if users would have the option within PMA settings to enable 2-Factor-Authentication to further secure their databases and prevent brute-force-attacks if the login site is publicly available.

More infos on Google Authenticator can be found here: http://code.google.com/p/google-authenticator/

Discussion

  • Maxime DAVID
    Maxime DAVID
    2014-03-18

    Hi,

    Maybe this project could be a GSoC idea ? I would be glad to submit a proposal about this feature but I would like to make sure that it could be accepted as a GSoC project

     
    • Isaac Bennetch
      Isaac Bennetch
      2014-03-18

      It wouldn't be able to stand alone as a GSoC idea due to the expected timeline; a proposal is supposed to take approximately the full summer (which generally has meant approximately 12 forty hour weeks). So if this project could be incorporated with other work to make a proposal that takes approximately "all summer", then it certainly could be used as such, but by itself is not likely to be chosen because of the timeline expectation.

       
  • Maxime DAVID
    Maxime DAVID
    2014-03-18

    OK ! Thanks, I'm going to add some other features to my proposal

     
  • supawiz6991
    supawiz6991
    2014-05-02

    I would love to see this for user logins! How would this work for programs or websites that try to read/write to a database? How would they get the random security key?

     
    • Isaac Bennetch
      Isaac Bennetch
      2014-05-03

      Hi supawiz6991, since other programs and websites access the database directly rather than going through phpMyAdmin, when/if we implement this in phpMyAdmin it won't have any effect on those other programs. If implemented, this would strictly be for user authentication to phpMyAdmin.

       
  • supawiz6991
    supawiz6991
    2014-05-08

    Awesome! I hope that IF turns into a WILL !