by Andreas Grupp.
Ok, anything that integrates better den a2fa is welcome. But I agree totally with you that an authentication module that integrates totally to the Moodle login process would be the best way. I am thinking of the following behavior:
- User has a Moodle account in any way (manual, LDAP, ...) and is able to login by username and password
- In the users profile there is a link to activate two-factor-authentication. The following steps to activate the two-factor-authentication are similar to the way it is done for example in Dropbox. Whether it is really necessary to have a QR-code to scan the shared secret or not is not important in my opinion. It is also possible to just type the secret into a textfield in the app on a smartphone.
- During the login process Moodle prefers the 2-factor-auth-module and looks whether this login variant is activated for the user. If it is this way - the third field for the code is shown. If the user is not registered for the two-factor-authentication there is a fallback to the other login-modules.
Do you think the integration in this way is a complex task and can not be done with your code?