+2
Under review

Confusing users with an admin login link?

Bob Rose 4 weeks ago in BLOX CMS updated by Kevin M. Cox 4 days ago 8

The latest Flex release said: "We are adding a new "admin link" to login screens which will be used by TownNews staff only."
So now, when users go to log in, they see an Admin login link ... thinking maybe that's where the log in to administer their account (change passwords, billing, etc.). When they click they are taken to or blox admin panel, where their login efforts will be unsuccessful. 

Question: How does having the Admin Login link their help users?
If we really needed it... couldn't we hide it somewhere on the site less prominently, or use lotame to only expose it to admins?

Agreed, it doesn't make much sense to expose this here. What problem is this solving for Town News staff?

Under review

The admin link is not for consumers - it's for site staff and for superusers. The wording perhaps needs to be changed - but when two-factor authentication is released - you will not be able to login to the frontend using your staff account without following that link and logging in via the BLOX admin.

Interesting.

Maybe just rename the link "Staff login" as an alternative? Or just have a dedicated login page/process that staff need to use instead of the public one?

I guess you can't just expose the TOTP field when needed for accounts that have 2FA active? This is how most sites work. The username/password field is exposed to all, then when you try to login with an account that requires 2FA you get directed to a second form to enter your TOTP code and complete the login.

Yeah, I had suggested that we will re-label as Staff Login to see if that clears up confusion. The problem with a dedicated login page for staff is that it doesn't fit into the login workflow in all cases. Federated login workflows through the Townnews Now mobile app and paywall workflow in particular become burdensome because you would need to bail out of that process entirely, login, and then restart your workflow from just before you were forced to login.

The workflow for staff/super users is to login through the BLOX admin - which may have TOTP enabled optionally. Once logged, in - they would be redirect back and will be logged in.

We might consider switching to the other workflow you mention - but keep in mind that will affect most of your end-users as well - and they aren't going to have two-factor authentication - so you'll be making most of the end users suffer through a two screen login for no reason.

My suggestion is that the two-screen login only occurs when the system sees that it needs the TOTP code to complete. If an account doesn't have 2FA enabled that second screen doesn't need to be shown.

Use any major site as an example, like Facebook. If you visit Facebook.com there is a username/password login form at the top right of the page. Enter your credentials there and click Log In. If the account does not have 2FA enabled they are immediately logged in. If they do have 2FA enabled they are redirected to a second screen to enter their TOTP code.

Following this model would mean regular end users never see that second screen, only staff members with 2FA enabled will.

This is all part of a giant security move on BLOX admin accounts - both staff and superusers. Neither the password nor the 2FA code should be entered through the frontend where the template system or 3rd party widgets could be added to intercept or capture these two critical pieces of data. As such, forcing admin users to login to the BLOX admin user interface provides a locked-down experience free from that concern.

I'm all for the security upgrade and submitted a feature request (Ticket 802892) for 2FA earlier this summer. So I'm glad to hear that is coming.