The next generation of website security - two factor authentication
Security always seems to be in the headlines, especially when websites and servers are hacked or organisations lose important data. The Joomla! project takes security very seriously, and over the years has led the way in helping millions of websites around the world take advantage of advances in security.
The latest version of Joomla!, 3.2, which is currently a short term support (STS) release, introduces some pretty significant features, one of which we will be implementing for all customers moving forward: two-factor authentication.
When you log into your website, you need a username and a password - something which we all know could theoretically be guessed by somebody trying to gain access to your website or stolen using a keylogger which intercepts the keys you press on your computer. This represents quite a significant risk and has resulted in all kinds of problems over the years.
Two-factor authentication improves the security of your site by requiring something you know (your username and password) alongside something you have (an authorisation token). This means that if somebody manages to get your username and password, they still can't log in without the randomly generated authorisation code from your device.
Joomla! 3.2 allows you to use Google Authenticator (an app you can download from the app store) or a YubiKey, a small device which can be used to generate a random password at the touch of a button, to generate an authentication token. You then provide this token in conjunction with your username and password to log in.
We have been trialling the YubiKey method in the office, and we were so impressed by the simplicity of both setting up two-factor authentication and using the device to log in that we are planning to roll this out over the coming months to all of our clients who have server or website support contracts with us.
Here is a video explaining how Two Factor Authentication works - if you'd like more information do get in touch!