Redmine email 2-factor authentication
This plugin adds a 2-factor authentication email scheme to Redmine in the style proposed in the patches for Redmine issue 1237.
Each time a one-time-password is required in Redmine, an email is sent to the user with a one-time-password/code and a link the user can click instead of copying and pasting the one-time-password into Redmine.
Please note that this scheme uses the user's email address to deliver the one-time-password and thus offers less security than a "real" second channel, for example SMS, or another one-time-password scheme such as time-based one-time-passwords (TOTP).
Administrators should thouroughly check if this scheme offers the security improvement they require before using this plugin.
The main purpose of this plugin is to demonstrate how the proposed Redmine 2-factor functionality can be extended by plugins in order to offer more channels than just the TOTP as proposed in the patches. Due to the security considerations above, it should probably not be used in production in most scenarios.
This plugin requires the patches for Redmine issue 1237.
Just install the plugin as described above, as long as the plugin is installed the email scheme will be available for 2-factor authentication in your Redmine.
Author & License
Created by Felix Schäfer for Planio GmbH
The Redmine email 2-factor authentication plugin is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with the plugin. If not, see www.gnu.org/licenses.