Forum / Password Vault Manager - Feature Request

Correct implementation of two factor integration


Currently, I can only register a single instance of PVM to my Google Authenticator or Duo Mobile 2FA applications. This is because PVM incorrectly binds the vendor ID ('PasswordVaultManager') to the account field instead of the application field and does not allow the user to uniquely identify the 2FA pairing using the account field (e.g. 'home' or 'user@email.nul').

--sky

5 yrs

Hi,
We did that to keep it simple. I will make sure to allow the option to override it.

David Hervieux


5 yrs

Excellent! Thank you.

5 yrs

Hello,

This should be available in the current beta version of RDM. You can download it here: http://remotedesktopmanager.com/Home/Download#beta

This is available in File > Options > Security tab. This won't affect the 2 factor authentication for the datasources, just with RDM. If you can give it a try and give us some feedback, it would be appreciated.

Regards,

Hubert Mireault


5 yrs

I will give it a whirl, sir!

5 yrs

Observations:

Able to add custom account OK. But, the application field is blank (see attached image for example).

Embedding a slash (/) in the account identifier caused the bar code reader to fail, as the string must be URL escaped before being passed to the API.

5 yrs

Hello Daniel,

When I put in a "/" or %2F, both of them resolve to a "/" in the Google Authenticator account name without the bar code reader failing. Could you give me an example of what you write in that makes the reader fail?

As for the application field, I'll see what I can do and get back to you about it. I think the picture didn't post with your last post, so if you could try reposting the screenshot, it'd be appreciated.

Regards,
edited by Hubert Mireault on 7/9/2015

Hubert Mireault


5 yrs

Here's the image I meant to link: https://dl.dropboxusercontent.com/u/12998605/rdm/IMG_0068.jpeg

5 yrs

I entered 'RDM / sky.schulz@2k.com' and when trying to link the account got the following error message in Google Authenticator: https://dl.dropboxusercontent.com/u/12998605/rdm/IMG_0069.PNG

5 yrs

I think it's just a matter of binding the issuer parameter: https://github.com/google/google-authenticator/wiki/Key%20Uri%20Format

The recommended practice is to both prefix the Label and include the Issuer parameter with issuer identity, to prevent account collisions: https://github.com/google/google-authenticator/wiki/Conflicting-Accounts
edited by sky@ogn.org on 7/9/2015

5 yrs

The issuer feature will be implemented in the next RDM version.

As for the issue with the QR code not working properly, it has to do with the spaces. It seems the iOS version of Google Authenticator is unable to scan QR codes that link to URLs with spaces, even if the characters are escaped. I hadn't seen this issue since I tested with the Android version. There doesn't seem to be a way around it, so the spaces would have to be removed if using Google Authenticator with an iPhone.

Regards,

Hubert Mireault


5 yrs
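The key URI layout discussed in this thread (issuer as label prefix plus `issuer` parameter, account name percent-encoded), as an added example that is not part of the thread and not Devolutions' code. The function names, the `strip_spaces` option, the sample accounts and the Base32 secret are constructed for illustration.

```python
import base64
from urllib.parse import parse_qs, quote, unquote, urlsplit


def build_totp_uri(issuer, account, secret_b32, strip_spaces=False):
    """Build otpauth://totp/ISSUER:ACCOUNT?secret=...&issuer=ISSUER."""
    if strip_spaces:
        # Workaround from the thread: drop spaces for scanners that reject them.
        account = account.replace(" ", "")
    for name, value in (("issuer", issuer), ("account", account)):
        # The Key Uri Format forbids ':' in either part: it is the separator.
        if not value or ":" in value:
            raise ValueError(f"{name} must be non-empty and contain no ':'")
    secret = secret_b32.replace(" ", "").upper().rstrip("=")
    # Raises binascii.Error (a ValueError) if the secret is not valid Base32.
    base64.b32decode(secret + "=" * (-len(secret) % 8))
    # safe="" encodes '/' as %2F and ' ' as %20 (never '+'), so the account
    # cannot break out of the single path segment that carries the label.
    enc_issuer = quote(issuer, safe="")
    label = f"{enc_issuer}:{quote(account, safe='')}"
    return f"otpauth://totp/{label}?secret={secret}&issuer={enc_issuer}"


def parse_totp_uri(uri):
    """Split a key URI back into the fields an authenticator app displays."""
    parts = urlsplit(uri)
    prefix, _, account = unquote(parts.path.lstrip("/")).partition(":")
    params = parse_qs(parts.query)
    return {
        "issuer_prefix": prefix,
        "issuer": params["issuer"][0],
        "account": account.lstrip(),
        "secret": params["secret"][0],
    }


if __name__ == "__main__":
    SECRET = "JBSWY3DPEHPK3PXP"  # constructed sample secret, not a real key
    for acct in ("home", "work / user@example.com"):
        uri = build_totp_uri("PasswordVaultManager", acct, SECRET)
        print(uri)
        print(parse_totp_uri(uri))
```

Two installs that share the issuer but use different account names produce distinct labels, which is what keeps the pairings from colliding in the authenticator app.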