Two-factor authentication (also known as 2FA) is a mechanism that provides extra security to website accounts by requiring a special one-time-use code in addition to a user name and password.

This code is typically generated by a hardware dongle or your phone, meaning that you must not only know the password, but also physically have the code generator.

I thought it would be cool if Known had this capability, and so I wrote a plugin to implement it!

How it works

Once the plugin is installed and activated by the admin user, each user will be able to enable two step authentication through a menu on their settings page.

Enabling two-factor authentication will generate a special code, which can be used to generate time-limited access tokens using a program such as Google Authenticator. To make setup easier, the plugin generates a special QR code which can be scanned by the reader.

From then on, when you log in, you will get an extra screen which will prompt you for a code.

Enter the code produced by your authenticator and you will be given access!
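The setup and login flow described above, as an added example that is not the plugin's own code: it generates the shared secret, builds the `otpauth://` URI that a setup QR code encodes, and checks a submitted code. It assumes the RFC 6238 defaults that Google Authenticator uses (SHA-1, 30-second steps, 6 digits); the function names, the drift window and the `last_used` replay guard are assumptions for illustration.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote

STEP = 30    # seconds each code is valid for (RFC 6238 default)
DIGITS = 6   # code length shown by the authenticator

def new_secret() -> str:
    """160-bit random shared secret, base32-encoded for authenticator apps."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def provisioning_uri(secret: str, account: str, issuer: str) -> str:
    """otpauth:// URI; this string is what the setup QR code carries."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={DIGITS}&period={STEP}")

def totp(secret: str, counter: int) -> str:
    """One-time code for a given time-step counter (RFC 4226 truncation)."""
    key = base64.b32decode(secret, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret, code, last_used, now=None, window=1):
    """Return the matched counter, or None if the code is rejected.

    Accepts +/- `window` steps of clock drift. Any step <= last_used is
    refused, so a code captured during one login cannot be replayed.
    The caller stores the returned counter as the user's new last_used.
    """
    now = time.time() if now is None else now
    current = int(now) // STEP
    matched = None
    for counter in range(current - window, current + window + 1):
        expected = totp(secret, counter).encode()
        # Constant-time comparison; bytes avoid errors on non-ASCII input.
        if counter > last_used and hmac.compare_digest(expected, code.encode()):
            matched = counter
    return matched

if __name__ == "__main__":
    s = new_secret()  # constructed sample account and issuer below
    print(provisioning_uri(s, "alice", "Known"))
    print(verify(s, totp(s, int(time.time()) // STEP), last_used=0))
```

The secret must be stored server-side as carefully as a password hash, since anyone who reads it can generate valid codes.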

» Visit the project on GitHub...

This is just a quick post to nudge you towards a little plugin I wrote for Known which enforces a minimum password strength for user passwords.

The plugin works by calculating the entropy of the password based on NIST recommendations, and rejecting passwords where the entropy is too low.

By default, the minimum entropy is 44; however, this can be changed through a configuration setting.

For this plugin to work, until my pull request is merged into the core code, you’ll need to apply patches available from my password validation branch.

Anyway, give it a kick about!

» Visit the project on GitHub...

Image “Password Strength” by XKCD

Known supports syndication to a number of silos (Twitter, Facebook, etc.), but since I also have some contacts on LinkedIn, I thought it would be handy to syndicate to them as well. So, I wrote a quick plugin to do just that…

Once installed and activated, you will need to get a LinkedIn application ID and secret key from the developer site (instructions in the plugin’s admin page). After you have entered these in the admin panel, users will have the option of authenticating their account and syndicating posts to LinkedIn.

The plugin currently supports status updates (although in a rather limited way, owing to LinkedIn’s API), article posts and images.

Give it a try!

» Visit the project on GitHub...