
Add "High Security" mode to support multi-factor auth
Closed, Public

Authored by epriestley on Apr 24 2014, 1:55 AM.
Tokens
"The World Burns" token, awarded by btrahan.

Details

Summary

Ref T4398. This is roughly a "sudo" mode, like GitHub has for accessing SSH keys, or Facebook has for managing credit cards. GitHub actually calls theirs "sudo" mode, but I think that's too technical for big parts of our audience. I've gone with "high security mode".

This doesn't actually get exposed in the UI yet (and we don't have any meaningful auth factors to prompt the user for) but the workflow works overall. I'll go through it in a comment, since I need to arrange some screenshots.

Test Plan

See guided walkthrough.

Diff Detail

Repository
rP Phabricator
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

epriestley retitled this revision from to Add "High Security" mode to support multi-factor auth.
epriestley updated this object.
epriestley edited the test plan for this revision.
epriestley added reviewers: btrahan, chad.

When you try to take a "high security" action (like adding a new public key to your account)...

Screen_Shot_2014-04-23_at_6.25.45_PM.png (971×1 px, 174 KB)

...you get prompted to enter "high security" mode. In the future, this will request an SMS code, TOTP token, or password:

Screen_Shot_2014-04-23_at_6.25.47_PM.png (971×1 px, 119 KB)

If you get past the prompt, you enter high security and can perform the action. High security is bound to your session and lasts for 15 minutes. While in high security, a persistent notification reminds you to leave it when you're done.

Screen_Shot_2014-04-23_at_6.25.51_PM.png (971×1 px, 152 KB)

The session panel has been updated to show which sessions are in high security. You can downgrade your session to normal security from this UI, too.

Screen_Shot_2014-04-23_at_6.25.58_PM.png (971×1 px, 275 KB)

If you downgrade or click the notification, you leave high security:

Screen_Shot_2014-04-23_at_6.26.26_PM.png (971×1 px, 117 KB)

Choosing to leave restores your session to normal:

Screen_Shot_2014-04-23_at_6.26.29_PM.png (971×1 px, 98 KB)
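
A minimal model of the workflow walked through above, as an added example in Python that is not Phabricator's code: high security is stored as an expiry timestamp on one session and is re-checked on every gated action. The names `SessionStore`, `factor_ok` and `add_public_key` are assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional

HIGH_SECURITY_TTL = 15 * 60  # seconds; the walkthrough says the mode lasts 15 minutes


class HighSecurityRequired(Exception):
    """The session must pass the high security prompt before this action."""


@dataclass
class Session:
    session_id: str
    user: str
    high_security_until: Optional[float] = None  # None means normal security


class SessionStore:
    def __init__(self, clock: Callable[[], float] = time.time):
        self.clock = clock  # injectable so expiry can be tested without sleeping
        self.sessions = {}

    def login(self, session_id, user):
        # Every new session starts in normal security, even for the same user.
        self.sessions[session_id] = Session(session_id, user)
        return self.sessions[session_id]

    def in_high_security(self, session_id):
        s = self.sessions[session_id]
        return s.high_security_until is not None and self.clock() < s.high_security_until

    def enter_high_security(self, session_id, factor_ok):
        # factor_ok stands in for the result of the SMS/TOTP/password check.
        if not factor_ok:
            return False
        self.sessions[session_id].high_security_until = self.clock() + HIGH_SECURITY_TTL
        return True

    def leave_high_security(self, session_id):
        # Explicit downgrade from the notification or the session panel.
        self.sessions[session_id].high_security_until = None

    def add_public_key(self, session_id, key):
        # The gated action from the walkthrough; the check runs on every call.
        if not self.in_high_security(session_id):
            raise HighSecurityRequired(session_id)
        return f"{self.sessions[session_id].user} added {key}"
```

Because the timestamp lives on the session record rather than the user record, a second session for the same account stays in normal security until it passes its own prompt.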

btrahan awarded a token.
btrahan edited edge metadata.
This revision is now accepted and ready to land. (Apr 25 2014, 1:03 AM)
epriestley updated this revision to Diff 21062.

Closed by commit rPf42ec84d0c6b (authored by @epriestley).