OTP Authentification

by
Odoo          
v 10.0 Third Party 62
Download for 10.0 series Deploy on Odoo.sh
You bought this module and need support ? Click here !
Technical name auth_otp
LicenseAGPL-3
Websitehttp://vertel.se
Repositoryhttps://github.com/vertelab/odoo-auth.git#10.0

OTP Authentification

Allow users to login using one time password (OTP)
and two-factor authentication (2FA).

Odoo image and text block

Login using two-factors

This module adds a verification code to the login form. The user has to know his password and have a piece of hardware storing a shared secret, usually a smartphone.

If there is other autentications modules installed then this method will be the second instead of password.

Use your phone

Instal an OTP-app on your phone and you are ready to use this kind of secure authorization. FreeOTP is one of many apps that has implemented the standardized TOTP or HOTP protocols.

FreeOTP adds a second layer of security for your online accounts. This works by generating one-time passwords on your mobile devices which can be used in conjunction with your normal password to make your login nearly impossible to hack. These passwords can be generated even when your phone is in airplane mode.

Odoo text and image block
Odoo text and image block

Login using two-factors

This module adds a verification code to the login form. The user has to know his password and have a piece of hardware storing a shared secret, usually a smartphone.

If there is other autentications modules installed then this method will be the second instead of password.

QR-codes for provision

The shared sectret are provisioned using QR-code in the password
reminder mail, along with QR-codes for Android and IOS apps (FreeOTP).

  • OTPs involve a shared secret, stored both on the phone and the server

  • OTPs can be generated on a phone without internet connectivity

  • OTPs are combined with your password so if your phone is lost, your account is still secure

Odoo image and text block

To override OTP-authentication, if something gone wrong, you can add "otp_override = True" in the server config file. Then the system will only check password again.

Open MFA standards are defined in RFC 4226 (HOTP: An HMAC-Based One-Time Password Algorithm) and in RFC 6238 (TOTP: Time-Based One-Time Password Algorithm).

* https://freeotp.github.io/
* https://authy.com/
* https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author, please use the developer contact information. They can usually be found in the description.
Please choose a rating from 1 to 5 for this module.