Two Factor Authorization Now Supported in OSCAR

Share this

Thanks to Dr. Peter Hutten-Czapski for implementing this!

OSCAR 19.5 community edition now supports two factor authentication via secure time cycling PIN to enter upon login. This is a great addition for security improvement, meaning it will be less likely to be susceptible to hacks if users are set to provide two factor authorization codes to login.

For details on 2FA in OSCAR see this article: User Management – World OSCAR

What is 2FA – see What is 2FA? Two-Factor Authentication explained | TechRadar

Brief explanation:

Multifactor security improves login by requiring something you know (your password) and something you have (your configured cellphone).

With 2FA enabled, the user will scan a QR code to add to their TOTP (time-based-one-time-passcode) app, i.e. Google Authenticator, Microsoft Authenticator, LastPass Authenticator etc. (dozens of options exist), which then generates a cycling time-sensitive PIN. Then upon login to OSCAR, in addition to regular login credentials, they will enter the TOTP from the authenticator app in order to finalize login if this option is enabled.