JCOGS One-Time Passwords
Two Factor Authentication for EE6 and EE7
JCOGS OTP modifies the EE log in process to require a user to enter a six-digit “One-Time Password” in addition to their regular log in credentials; the six-digit code is generated algorithmically from a sixteen character key linked to the user’s account.
Use standard authenticator apps
JCOGS OTP implements the IETF RFC4226 standard for OTP codes, which means the required codes can be generated by most standard “Authenticator apps”.
Or send OTP codes by email
JCOGS OTP supports the sending of the OTP code to the member by email. If the user chooses this option the email is sent automatically during the login process.
Coming soon… SMS support
A later version will add support for the sending of a user’s OTP code by SMS (and possibly other messaging platforms).
Easy to configure
JCOGS OTP uses the Member Roles system introduced in EE6 to control which site members have access to OTP, and to set whether access for a role group is optional or mandatory.
Easy Installation
Copy the jcogs_otp folder to your system/user/addons folder and then install from the ExpressionEngine Control Panel Add-ons page.
Configuration options
Enable or disable OTP - Does what it says on the tin…
Member Role where OTP Use is Required - Choose a member role for which use of OTP will be required. If the members you want to be required to use OTP do not match a current role group perfectly, simply create a new member role and associate them with that new Role.
Member Role where OTP Use is Optional - Choose a member role for which use of OTP will be optional. If the members you want to be required to use OTP do not match a current role group perfectly, simply create a new member role and associate them with that new Role.
Enable sending of OTPs by email - Does what it says on the tin…
Name of Email Sender - Choose the name for the email sender that will be shown when OTP code email arrives.
Email Address of Email Sender - Choose the sender’s email address for the OTP code email.
Advanced Email Options
Subject line for OTP emails - The subject line of emails sent by JCOGS OTP always begins with the Site Label followed by whatever text is specified here. By default this additional text is set to “One-Time Password”.
Email preamble - A paragraph of text that is included in the OTP code email immediately before the line containing the OTP code itself. By default this left blank.
OTP Code Prefix - Text that will immediately preceed the OTP code in the email. By default it is set to “Your OTP Code: “.
Email Closing - A paragraph of text that is included in the OTP code email immediately after the line containing the OTP code itself. By default this left blank.
Change email Reply-To settings
Allows you to specify an email account to which replies to the OTP email should be directed. If this is not specified then most email systems will direct the reply to the email address given for the sender.
Name of Reply-To Account - Choose the name for the email sender that will be shown when OTP code email arrives.
Email Address of Email Sender - Choose the sender’s email address for the OTP code email.
Usage notes
Resetting the OTP Key
Each member is assigned a unique key that is used to generate and validate the OTP codes. There are three ways in which this code can be reset:
- If the member’s EE login password is changed for any reason (forced, they request etc.);
- If the member enters invalid OTP codes more than three times in a row;
- If the member opts to change the mode of OTP delivery (e.g. from email to authenticator).
Support
Support is available from JCOGS Design via email sent to otp_addon@jcogs.net or via @JCOGS Design the EE Slack discussion area.