Two Factor Authentication

(Rod Roark) #1

Wanted to mention that I’m working on 2FA using FIDO U2F. Thus a USB device such as the Security Key by Yubico or the similar product from Key-ID. After a normal OpenEMR login you would be prompted to use the physical key to further verify your identity.

This particular type of device is attractive because it’s effective and cheap, around $10. The work should also be adaptable to other 2FA methods.


(Rod Roark) #2

PR is here:

(TechMed) #4

Rod, great job developing and implementing a Multi-Factor Authentication feature in 5.0.2. Thank you. For the U2F device examples you provide in the GitHub, one of them is ‘Security Key by Yubico’ – I wonder if you had also worked and tested using Yubico’s YubiKey 5 NFC USB device?

Since this YubiKey 5 NFC U2F device also has full support including FIDO2 and U2F, it should be fully transparent and compatible to use with OpenEMR's latest version 5.0.2. Any affirmation, advice and comments are appreciated. Thanks.

(Rod Roark) #5

Hi TechMed, thanks. Any key that supports U2F should be fine. The one you mention may be overkill unless you have another need for those features.


(Jerry P) #6

I love this concept for login security. Still though, it harkens me back to the day of RS232 dongles for software decrypt. Always fun to hack :)
What’d be even cooler is to add a thumbprint scanner to the USB stick ensuring ownership of the key drive.

(Rod Roark) #7

WebAuthn would be the next step, and has the option for going passwordless. Last I checked with Yubico they did not have PHP libraries for it yet.

(TechMed) #8

Thanks Rod for confirming that any key that supports U2F should be fine. Acknowledged that the YubiKey 5 NFC key might be overkill. Cheers.