High Security CMS Profile


Two-Factor Authentication

Two-factor authentication (also known as 2FA) provides unambiguous identification of users by combining two different components. These components may be something that the user knows, something that the user possesses or something that is inseparable from the user. A good example from everyday life is withdrawing money from a cash machine. Only the correct combination of a bank card (something that the user possesses) and a PIN (personal identification number, i.e. something that the user knows) allows the transaction to be carried out.

We propose dividing hub users into three groups: vetted users, who will use a specific two-factor authentication system; casual registered users, who will use single-factor authentication; and guest users, who do not authenticate at all.

Any area of HUBzero that we decide requires stronger security will require the user session to have been authenticated by two-factor authentication.

This still relies on the CMS itself to enforce access control. If the CMS becomes compromised, this check could be bypassed. To add an additional level of security, the web server (Apache) itself can enforce access control if the second-factor authentication is a client-side SSL certificate. Even if the CMS is compromised, it becomes more difficult to access the protected areas. To isolate this further
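
The Apache-level enforcement described above could be configured as follows. This is an added example, not configuration from the HUBzero project; the hostname, file paths and the /secure URL prefix are assumptions, and the directives are standard mod_ssl (Apache 2.4).

```apache
# Added example: hostname, paths and the /secure prefix are assumed placeholders.
<VirtualHost *:443>
    ServerName hub.example.org

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/hub.example.org.crt
    SSLCertificateKeyFile /etc/pki/tls/private/hub.example.org.key

    # Trust only the CA that issues certificates to vetted users.
    # Do not point this at a public CA bundle, or any certificate
    # from any public CA would satisfy the check.
    SSLCACertificateFile  /etc/pki/tls/certs/hub-vetted-users-ca.crt

    # Reject revoked certificates (lost token, user no longer vetted).
    SSLCARevocationFile   /etc/pki/tls/crl/hub-vetted-users-ca.crl
    SSLCARevocationCheck  chain

    # Default for the rest of the hub: guests and single-factor users
    # are never asked for a certificate.
    SSLVerifyClient none

    <Location "/secure">
        # Weak setting, shown for contrast: with "optional" the request
        # reaches the CMS even without a certificate, so a compromised
        # CMS can skip the check.
        #   SSLVerifyClient optional

        # Enforced setting: Apache itself refuses the request unless the
        # client presents a certificate that chains to the CA above.
        # In a per-location context this needs TLS renegotiation or
        # TLS 1.3 post-handshake authentication, which not every client
        # supports.
        SSLVerifyClient require
        SSLVerifyDepth  1

        # Authorization-layer check in addition to the handshake check.
        Require ssl-verify-client

        # Expose SSL_CLIENT_S_DN, SSL_CLIENT_VERIFY etc. to the CMS so it
        # can map the certificate to a hub account and log the access.
        SSLOptions +StdEnvVars
    </Location>
</VirtualHost>
```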

