There is a need for good secure authentication. This project is a very light implementation of authentication server. Three different types of authentication method have been implemented.
| 1st Factor | 2nd Factor | Security |
|---|---|---|
| Password | None | Weak - password can be guessed |
| Password | TOTP | Medium - prone to phishing attack |
| Password | WebAuthn | Strong |
U2F key with WebAuthn protocol improves web security. It is possible to go password-less. However, it will be awhile before mass adoption takes place.
Go to Demo Site
* register your own accounts please
-
Add OAuth2 support -
Add Swagger documentation - Add source IP check against previously recorded source IPs
- Add backoff period when password auth or totp auth fails three times in a row
- Add browser agent check against previously recorded browser agents