E-Mail as Second Factor
This plugin adds the user’s e-mail account as a second authentication factor.
After logging in through another authentication module, a one-time code will be generated by the portal and sent to the user’s e-mail address. The user will be prompted for this code in order to finish the login process.
This plugin only improves security when the user’s email is not protected by the same password used to log in to LemonLDAP::NG. And of course, if the user’s email account is also protected by LemonLDAP::NG, they will not be able to open their mailbox to find out their one-time code.
Before configuring this module, make sure the user’s email address is
correctly fetched from your UserDB plugin and appears in the session
browser. If you want to store the user e-mail in a different session
All parameters are configured in “General Parameters » Second factors » Mail second factor”.
- Activation: Set to On to activate this module. If a user does not have an email address, they will encounter an error on login. If you want to use this plugin only for users who have an email address, use
- Code regex: The regular expression used to generate one-time codes. The default is a 6-digit code.
- Code timeout: It might take a while for users to open their e-mail account and find the code. Raise this timeout if the default (2 minutes) isn’t enough.
- Mail subject: The subject of the email the user will receive. If you leave it blank, it will be looked up in translation files.
- Mail body: The plain text content of the email the user will
receive. If you leave it blank, the
mail_2fcode HTML template will be used. The one-time code is stored in the
- Authentication level (Optional): If you want to overwrite the value sent by your authentication module, you can define the new authentication level here. Example: 5
- Logo (Optional): logo file (in static/<skin> directory)
- Label (Optional): label that should be displayed to the user on the choice screen
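
The lifecycle of the one-time code described above (a 6-digit code, expiry after the 2-minute code timeout, single use), as an added Python example that is not LemonLDAP::NG code. The class name, session ids, return strings and the cap on wrong attempts are assumptions of the example, not settings documented on this page.

```python
import hmac
import secrets
import time

CODE_DIGITS = 6      # the page's default: a 6-digit code
CODE_TIMEOUT = 120   # the page's default code timeout: 2 minutes


class MailCodeStore:
    """Pending one-time codes keyed by session id (hypothetical design)."""

    def __init__(self, timeout=CODE_TIMEOUT, max_attempts=3, clock=time.monotonic):
        self.timeout = timeout
        self.max_attempts = max_attempts  # assumption: not a parameter named on the page
        self.clock = clock
        self._pending = {}  # session id -> [code, expiry time, failed attempts]

    def issue(self, session_id):
        # secrets draws from the OS CSPRNG; the random module would be predictable.
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
        self._pending[session_id] = [code, self.clock() + self.timeout, 0]
        return code  # sent to the user's mailbox, never shown on the login page

    def verify(self, session_id, submitted):
        entry = self._pending.get(session_id)
        if entry is None:
            return "no_pending_code"
        code, expires_at, _ = entry
        if self.clock() >= expires_at:
            del self._pending[session_id]
            return "expired"
        # Constant-time comparison does not leak how many digits matched.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[session_id]  # one-time: a replay finds nothing
            return "ok"
        entry[2] += 1
        if entry[2] >= self.max_attempts:
            del self._pending[session_id]  # a 6-digit space needs a guess limit
            return "locked"
        return "wrong_code"
```

A longer code timeout widens the window in which a code can be guessed or read from a compromised mailbox, so raise it only as far as users need.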