github.com/phpmyadmin/phpmyadmin.git
-rw-r--r--  doc/config.rst         7
-rw-r--r--  doc/second_factor.rst  41
-rw-r--r--  doc/setup.rst          1
-rw-r--r--  doc/user.rst           1
4 files changed, 50 insertions, 0 deletions
diff --git a/doc/config.rst b/doc/config.rst
index 91365b1c41..a1255ae644 100644
--- a/doc/config.rst
+++ b/doc/config.rst
@@ -3345,6 +3345,13 @@ Developer
* The setup script is enabled even with existing configuration.
* The setup does not try to connect to the MySQL server.
+.. config:option:: $cfg['DBG']['simple2fa']
+
+ :type: boolean
+ :default: false
+
+ Can be used for testing second authentication factor.
+
.. _config-examples:
Examples
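Review bot: the description added under `$cfg['DBG']['simple2fa']` says only "Can be used for testing second authentication factor", which does not tell an administrator that turning it on exposes a method that provides no real second factor. doc/second_factor.rst in this same commit states it should not be used in production; repeat that here or link to :ref:`2fa`, and consider a `.. versionadded:: 4.8.0` line to match the new page.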
diff --git a/doc/second_factor.rst b/doc/second_factor.rst
new file mode 100644
index 0000000000..a1a0d03c9e
--- /dev/null
+++ b/doc/second_factor.rst
@@ -0,0 +1,41 @@
+.. _2fa:
+
+Second authentication factor
+============================
+
+.. versionadded:: 4.8.0
+
+Since phpMyAdmin 4.8.0 you can configure second authentication factor to be
+used when logging into it. To use this, you first need to configure
+:ref:`linked-tables`. Once this is done, every user can opt-in for second
+authentication factor in the :guilabel:`Settings`.
+
+Authentication Application
+--------------------------
+
+Using application for authentication is quite common approach based on HOTP and
+TOTP. It is based on transmitting private key from phpMyAdmin to the
+authentication application and the application is then able to generate one
+time codes based on this key.
+
+There are dozens of applications available for mobile phones to implement these
+standards, the most widely used include:
+
+* `FreeOTP for iOS, Android and Pebble <https://freeotp.github.io/>`_
+* `Authy for iOS, Android, Chrome, OS X <https://www.authy.com/>`_
+* `Google Authenticator for iOS <https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8>`_
+* `Google Authenticator for Android <https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2>`_
+* `Google Authenticator (port) on Windows Store <https://www.microsoft.com/en-us/store/p/google-authenticator/9wzdncrdnkrf>`_
+* `Microsoft Authenticator for Windows Phone <https://www.microsoft.com/en-us/store/apps/authenticator/9wzdncrfj3rj>`_
+* `LastPass Authenticator for iOS, Android, OS X, Windows <https://lastpass.com/auth/>`_
+* `1Password for iOS, Android, OS X, Windows <https://1password.com>`_
+
+Simple Second Factor
+--------------------
+
+This authentication is included for testing and demostration purposes only as
+it really does not provide second factor, it just asks user to confirm login by
+clicking on the button.
+
+It should not be used in the production and is disabled unless
+:config:option:`$cfg['DBG']['simple2fa']` is set.
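Review bot: in the Authentication Application section, "transmitting private key from phpMyAdmin to the authentication application" is misleading, because HOTP and TOTP rely on a secret shared by both sides rather than a private key; "shared secret key" would be accurate. In the Simple Second Factor section "demostration" should be "demonstration", and since that method only asks the user to click a button, the production caveat would be easier to notice as a `.. warning::` directive than as a trailing paragraph.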
diff --git a/doc/setup.rst b/doc/setup.rst
index 6217a2c6dc..0c1a49cb54 100644
--- a/doc/setup.rst
+++ b/doc/setup.rst
@@ -1030,6 +1030,7 @@ are always ways to make your installation more secure:
* In case you don't want all MySQL users to be able to access
phpMyAdmin, you can use :config:option:`$cfg['Servers'][$i]['AllowDeny']['rules']` to limit them
or :config:option:`$cfg['Servers'][$i]['AllowRoot']` to deny root user access.
+* Enable :ref:`2fa` for your account.
* Consider hiding phpMyAdmin behind an authentication proxy, so that
users need to authenticate prior to providing MySQL credentials
to phpMyAdmin. You can achieve this by configuring your web server to request
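Review bot: the new bullet "Enable :ref:`2fa` for your account." leaves out the prerequisite that doc/second_factor.rst gives, namely that :ref:`linked-tables` must be configured before any user can opt in. This list is addressed to whoever secures the installation, so state the requirement here, for example "Configure :ref:`linked-tables` and enable :ref:`2fa` for your account."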
diff --git a/doc/user.rst b/doc/user.rst
index 1a89952291..7321989ced 100644
--- a/doc/user.rst
+++ b/doc/user.rst
@@ -5,6 +5,7 @@ User Guide
:maxdepth: 2
settings
+ second_factor
transformations
bookmarks
privileges