TYPO3 HMAC-based one-time password provider
This extension adds the HOTP (HMAC-based one-time password) MFA provider to TYPO3, using the new MFA API, available since TYPO3 v11.1. It can also serve as an example extension showing how to integrate a custom provider into TYPO3.
Important: For better understanding, especially for editors, the provider is referred to as Counter-based one-time password in the TYPO3 backend.
Note: Since the TYPO3 MFA API is still experimental, changes in upcoming releases are to be expected.
The HOTP MFA provider is based on a shared secret, which is exchanged between an OTP application (or device) and TYPO3. Each code is derived from the initially defined shared secret and an increasing counter value. Each code is valid only once, since the counter value is updated on both sides after every authentication attempt. This is why the provider is also called Counter-based one-time password.
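The code derivation and counter handling described above, as an added example in Python (not the extension's own PHP code). It follows RFC 4226; the `HotpVerifier` class, its look-ahead window of 3 and the sample secret (the RFC 4226 test key) are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample input: the test key published in RFC 4226, Appendix D.
RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Return the RFC 4226 HOTP code for one counter position."""
    # HMAC-SHA-1 over the counter encoded as an 8-byte big-endian integer.
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation: the low nibble of the last byte picks a 4-byte slice.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class HotpVerifier:
    """Hypothetical server-side state: secret plus next expected counter."""

    def __init__(self, secret: bytes, counter: int = 0, look_ahead: int = 3):
        self.secret = secret
        self.counter = counter
        # Assumption: accept codes a few steps ahead, so a device whose
        # button was pressed without logging in can still resynchronise.
        self.look_ahead = look_ahead

    def verify(self, code: str) -> bool:
        matched = None
        # Walk the whole window and compare each candidate in constant time.
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            expected = hotp(self.secret, c).encode()
            if hmac.compare_digest(expected, code.encode()) and matched is None:
                matched = c
        if matched is None:
            return False
        # Move past the accepted counter: that code and every skipped one
        # before it can never be used again.
        self.counter = matched + 1
        return True


if __name__ == "__main__":
    server = HotpVerifier(RFC_SECRET)
    print(server.verify(hotp(RFC_SECRET, 0)))  # first use of counter 0
    print(server.verify(hotp(RFC_SECRET, 0)))  # replay of the same code
```

A larger look-ahead window tolerates more skipped codes but also gives a guessing attacker more valid values per attempt, so it is normally kept small and paired with attempt limiting.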
To use this provider:
- Navigate to the MFA module in the TYPO3 backend and click on "Setup"
- Scan the QR code or directly enter the shared secret in an OTP application or device
- Enter the generated six-digit code in the corresponding field
- Submit the form to activate the MFA provider
- Alternatively also activate the built-in
You can read more about the implementation in the official changelog.