From: Alexey S. <al...@sh...> - 2014-09-14 12:22:26
Hi,

I started developing a plugin for 2-step authentication using Time-based One-Time Passwords (TOTP) generated by the Google Authenticator app for mobile phones (the wiki says it's actually a subset of RFC6238 and not a proprietary invention). It's based on the Yubikey plugin and it's my first plugin, so please feel free to tell me if I'm doing something wrong (OK, I just found http://squirrelmail.org/docs/devel/devel-4.html#ss4.16 - that should be next on my list).

It works with the 1.4.x branch only and there are some issues which I intend to fix, but I'd also like to hear some feedback.

How to test it:

1. You need an iPhone or Android phone with the Google Authenticator app installed. On Linux, you can probably also use oathtool.
2. Download http://alexey.shpakovsky.ru/unlisted/google_authenticator-0.1-1.4.0.tar.gz, extract it and install as usual.
3. Go to Options - Personal Information and look at the bottom - there will be a "Google Authenticator" section.
4. Click the link to generate a key - it will show you a QR code.
5. Scan the QR code using the Google Authenticator app on your phone.
6. Sign Out of SquirrelMail.
7. On the login form, there is a new field for entering the one-time password generated by the app on the phone.

Feel free to write your comments, suggestions, etc!

Links:

Android app: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
iPhone app: https://itunes.apple.com/app/google-authenticator/id388497605
Linux command-line tool: http://www.nongnu.org/oath-toolkit/oathtool.1.html
Download link, once again: http://alexey.shpakovsky.ru/unlisted/google_authenticator-0.1-1.4.0.tar.gz
Wiki page: http://en.wikipedia.org/wiki/Google_Authenticator