Secure Login (2FA) - Confluence
The ORIGINAL: strong security via two-factor authentication (2FA) for Confluence, efficient but user-friendly, without any external 2-factor systems
Ensure limited access for authorized persons only via enhanced security: in addition to the username and password, a registered mobile device is used at each login to generate a PIN code valid for half a minute.
Based on Atlassian plugin system 2, just install this add-on via Marketplace like others behind the firewall: you do not have to patch anything, nor does the add-on need to communicate with any third-party system.
Support of different mobile authenticators
Different authenticator apps are supported. You decide which one fits your needs and infrastructure:
- TOTP with (free) mobile authenticators available for iOS, Android, etc.
- hardware tokens
The default login for Atlassian tools is based on username and password: this is not strong authentication, as both values can easily be passed on or copied to other persons, who can then use them in parallel with the owner. A secure login depends on multiple aspects and combines, for example, knowledge with physical gadgets, which cannot be duplicated that easily. If the gadget is stolen, it is useless without the knowledge aspect. One example of such a secure login is 2-factor authentication using user name/password and a mobile device as key code generator or authenticator.
ATTENTION: a mobile authenticator is not a barcode reader!
To use strong security, the SYRACOM add-on has to be installed and activated as described in our Administrator's Guide. Furthermore, you must have an authenticator app installed on your mobile device. You can use any app which is compliant with the RFC 6238 standard. Please read the Users Guide, which lists examples for different mobile phones and operating systems!
Privacy and security
After the first login with username and password, the user has to register his mobile authenticator by scanning the QR code and entering the generated PIN for validation.
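How a server can check the PIN from an RFC 6238 authenticator, as an added example that is not the add-on's own code: it computes the 30-second TOTP value, tolerates one step of clock drift, and rejects reuse of an already accepted PIN. The 6-digit length, the drift window and all function names are assumptions; the key is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per time step: the "half a minute" a PIN stays valid
DIGITS = 6   # assumption: common authenticator-app code length


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP, the building block RFC 6238 applies to a time counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, now=None, digits: int = DIGITS) -> str:
    """PIN the authenticator displays at Unix time `now`."""
    now = time.time() if now is None else now
    return hotp(key, int(now) // STEP, digits)


def verify(key: bytes, pin: str, now=None, last_counter: int = -1, drift: int = 1):
    """Return the matched time-step counter, or None if the PIN is rejected.

    Accepts `drift` steps either side of the server clock and refuses any
    step at or before `last_counter`, so a PIN cannot be used twice.
    """
    if not (pin.isascii() and pin.isdigit() and len(pin) == DIGITS):
        return None
    now = time.time() if now is None else now
    current = int(now) // STEP
    matched = None
    for counter in range(max(0, current - drift), current + drift + 1):
        # compare_digest avoids leaking the match position through timing
        if hmac.compare_digest(hotp(key, counter), pin) and counter > last_counter:
            matched = counter
    return matched


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 test key, not a real secret
    pin = totp(secret, now=59)
    step = verify(secret, pin, now=59)
    print(pin, step, verify(secret, pin, now=59, last_counter=step))
```

Store the returned counter per user and pass it back as `last_counter` on the next login; that is what makes a PIN observed during one login useless for a second one inside the same 30-second window.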