Within the Netherlands, MFA is becoming an increasingly important feature that we will be required to implement in the near future. While searching for options to include some sort of MFA in OJS, I’ve found these two topics:
Neither of these quite satisfies what we need: an option to complement local login with an extra step (for example using an authenticator app like Microsoft Authenticator).
Does anyone know of plugins that implement MFA for OJS, with support for at least OJS 3.3 and preferably 3.4? Or does anyone know about plugins or other options that are in-development?
Of the two posts, I’d suggest looking into the OpenID option. It’s early days for us, but we’ve started adapting the OpenID plugin forward to 3.4.0 and getting ourselves oriented internally on 2FA. (Related: #9568) Meanwhile, we’re assessing ways to move our session/login implementation closer to Laravel’s, which will eventually make it easier to make use aspects of the Laravel ecosystem, including their 2fa toolset.
For example, if you’re able to run a tool like Keycloak, it might be possible to set up OpenID in OJS to authenticate with Keycloak, and set up Keycloak with the 2fa service provider of your choice.
Regards,
Alec Smecher
Public Knowledge Project Team