实施安全问题 [英] Implementing Security questions

问题描述

我在登录过程中使用了devise.现在我的要求是:

I am using devise for the signin process. Now my requirement is:

*用户将在注册过程中输入一些问题的答案.

*User will enter some answers to the questions during registration.

当用户使用他的电子邮件和密码登录时，将向他询问这些安全性问题.如果答案正确，他将被定向到仪表板，否则，如果他没有回答(3分之2)，则该帐户将被锁定.*

When the user signin with his email and password, he will be asked with those security questions. If the answers are correct, he will be directed to dashboard or else if he fails to answer (2 out of 3), then the account will be locked.*

在Rails中有什么简单的方法可以实现此MFA吗?

Is there any easy method to implement this MFA in Rails?

先谢谢了.

推荐答案

我建议将Devise与安全扩展.这是一个简单的设置，并且可以进行大量的自定义.

I would recommend using Devise with the security extension. It is a simple setup, and allows a ton of customization.

接着将问题添加到登录页面，然后在UserController中添加before_filter

Follow that up with adding the questions to your sign in page and adding a before_filter in your UserController

before_filter :security_question_answered!

强制用户每次登录都回答这个问题可能会变得很乏味.我看到更安全的问题是在没有电子邮件的情况下重置密码.

Forcing the user answer this for every login can become tedious. I see security questions more commonly used for reseting a password when someone does not have an email.

小猪支持Slicedpan，这不是MFA.查看双重因素以进行设计或其他设计.编码愉快.

Piggy backing off Slicedpan, this is not MFA. Look into two-factor for devise or another gem. Happy coding.

这篇关于实施安全问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！