Have read that Google will be forcing all users into 2 factor authentication. Am wondering how that might affect the use of Google and Oauth2 for Moodle logins?
Anyone?
'SoS', Ken
Responding to own post/question with update response from Google. Appears am in a loop!
This is last response from Google:
"I'd like to answer your question but I don't want to provide inaccurate information that may lead to a problem. However, I believe our Google developer will be able to answer this question for you.
To determine the best way to get help with the Google API, post a question to the developer community on Stack Overflow.
We use the popular programming Q&A website Stack Overflow to field technical questions. The site is not run by Google, but you can sign in using your Google account. Stack Overflow contains questions on a variety of topics, you can use the tag related to your inquiry to mark questions relevant to this API. To attract the attention of experts in related technologies, consider adding additional tags to your question."
https://stackoverflow.com/questions
Rather than do that, who are the developers of Moodle's Google Oauth2?
Thanks, in advance, for any response that might break me out of the loop!
'SoS', Ken
Yet another follow up ...
I see these forums have a Google button.
Could I ask the admins of these forums if the Google Oauth2 setup in these forums have a 'system account' setup? Not asking for the info on the system account ... only if it's used in the setup of Google's Oauth2.
Thanks, in advance, Ken
Hi Ken,
If experience from Microsoft authentication is anything to by, it won't change anything on the Moodle end. People can already have 2/MFA enabled on their account if they want. So it's between them and Google or whatever their provider is.
Catherine
Thanks for response ... but, as we know ... Google isn't MS.
In the MS setup, does one set up a 'system account' with the authentication set up in Moodle?
'SoS', Ken
I already have 2FA setup for all my Google accounts and we enforce it for all staff too. It shouldn't change anything from Moodle's perspective. When a user logins to their Moodle using their Google credentials for the first time on a new browser, Google will pop up a secondary notification asking for the second factor authentication (whatever that might be; Authenticator app, tap yes on phone etc.).
This is all handled as part of the Google sign-in handshake and so there should be no need to change any code within Moodle.
This is all handled as part of the Google sign-in handshake and so there should be no need to change any code within Moodle.
@Jon - thanks for response.
Do you have a 'system account' set up in your Google Oauth2 on your moodle?
'SoS', Ken
I do, yes. But there would be no need to have a system account for the 2FA part to work... However we set up our system account in Moodle as per the OAuth2 documentation... OAuth_2_authentication
@Jon ... well, Google forced 2 factor on my google accounts today ... GRRRR .... 1 which is/was Google Workspace account and I've been using for Email primarily, was also setup with Moodles. GWS has admin accounts that one has to be able to access to allow the accounts under it's control to be re-enabled. And that's the issue - it's been years since I accessed that admin account! Not sure it exist anymore! Having spent all day on this .... GRRRRR!
By chance have you ever tried to get a human for support? :|
'SoS', Ken
Follow Up on own posting ... how sick is that!
Spent entire day at this and have decided while I don't suffer from 'clas' I seem to have developed 'gas' ... (GUI Avoidance Syndrome - shame on all of you that thought that acronym was literal!) ... Anyhoooooo ...
Seems I used a 3rd Google account to control the other domain! Duh! Secure ... but really fooled myself!
Not sure I like 2 factor still, but will adjust!
Will say this ... Google phone support is a 'spin zone' ... kinda frustrating when using what sounded logical for drilling down to finally reach the auto that sends one back to the web - a never ending support loop.
Such is life these days! :|
'SoS', Ken
In reply to Ken Task
Re: Google forcing 2 factor and Moodle's Google Oauth2
by Visvanath Ratnaweera -
Well, if Google forces something, you know for whose benefit.
Watch 2FA is a Big Tech Scam! You Must Resist!
https://odysee.com/@RobBraxmanTech:6/2fascam:e
Watch 2FA is a Big Tech Scam! You Must Resist!
https://odysee.com/@RobBraxmanTech:6/2fascam:e
N.B. If you have Google, i shouldn't send you to down the Tube.
In reply to Visvanath Ratnaweera
Re: Google forcing 2 factor and Moodle's Google Oauth2
by Ken Task -
Turns out that users can turn 2F off! When Google announced their intentions that was not mentioned.
And, 2F on Google, different than other 2F's I seen with financials. The web screen waiting for the 6 digit entry pauses and on ones phone, there is a link for 'Yes, it's me!' which completes the action on web interface.
Plus, service account setup in Moodle's Oauth2 not affected - which was my major concern.
'SoS', Ken
As I said earlier; Ken - service account is not affected by Google's 2FA - but why turn off the extra protection?
@Jon ... As I thought I described, was concerned about the system account setup in moodle as it acts as a 'pass-thru' (so to speak). Google didn't have any description as to how such an account would affect accounts used as IAM in any applications. Thus the question/posting in these forums.
Have not turned it off ... just mentioned that it could be. Might be handy to know when trouble shooting issues related.
'SoS', Ken
In reply to Visvanath Ratnaweera
Re: Google forcing 2 factor and Moodle's Google Oauth2
by Jon Witts -
Having seen our school being hit by a cyber attack which took the school for many thousands of pounds; all of which would have been impossible had our users been using 2FA; I would disagree that it is a scam!
We now enforce 2FA for all of our school support and teacher accounts, and it has strengthened our cyber defence massively.
I would recommend turning on 2FA for all of your accounts especially email and any accounts with access to payment information...
We now enforce 2FA for all of our school support and teacher accounts, and it has strengthened our cyber defence massively.
I would recommend turning on 2FA for all of your accounts especially email and any accounts with access to payment information...
In reply to Jon Witts
Re: Google forcing 2 factor and Moodle's Google Oauth2
by Visvanath Ratnaweera -
As with many things, the devil is in the detail!
2FA may be good for security, but not for the privacy. Even then, the school collecting the mobile phone number of a student is one thing, Google collecting it is something completely different.
Connecting the stolen data to a the real person is the ultimate win, the gotcha for the bad actor. The phone number is exactly that. Not only that, the discovery allows those bad actors to converge on their kin. "A unique personal identity is required for 2FA" is the myth, the scam. The speaker explains an alternative, which even banks use.
2FA may be good for security, but not for the privacy. Even then, the school collecting the mobile phone number of a student is one thing, Google collecting it is something completely different.
Connecting the stolen data to a the real person is the ultimate win, the gotcha for the bad actor. The phone number is exactly that. Not only that, the discovery allows those bad actors to converge on their kin. "A unique personal identity is required for 2FA" is the myth, the scam. The speaker explains an alternative, which even banks use.
Did you watch the video?
In reply to Visvanath Ratnaweera
Re: Google forcing 2 factor and Moodle's Google Oauth2
by Jon Witts -
I did watch it, yes.
To be clear; we don't enforce 2FA for students, just for staff. Also there is no need to use or provide a mobile number when using Google's 2FA. We have a number of staff who do not have / do want to use a smartphone for 2FA and so the school provides then with a USB 2FA key. This way the school gets the increased security required and the user can choose how they want to implement the required security...
To be clear; we don't enforce 2FA for students, just for staff. Also there is no need to use or provide a mobile number when using Google's 2FA. We have a number of staff who do not have / do want to use a smartphone for 2FA and so the school provides then with a USB 2FA key. This way the school gets the increased security required and the user can choose how they want to implement the required security...
In reply to Jon Witts
Re: Google forcing 2 factor and Moodle's Google Oauth2
by Visvanath Ratnaweera -
Fair enough. I stay km away from Google and just hear in the corridors about their privacy stunts. Yes, you're right. https://www.google.com/landing/2step/#tab=how-it-works says, "Then, a code will be sent to your phone via text, voice call, or our mobile app. Or, if you have a Security Key, you can insert it into your computer’s USB port."
Looking back, the privacy discussion is an empty one, because this is about logging in to Google. You identify yourself anyway! Its a relief, that you spare your students that price.
Looking back, the privacy discussion is an empty one, because this is about logging in to Google. You identify yourself anyway! Its a relief, that you spare your students that price.
In reply to Visvanath Ratnaweera
Re: Google forcing 2 factor and Moodle's Google Oauth2
by Ken Task -
Unfortunately, one size doesn't fit all .... I, in a former life, worked with public school districts whose total ... that's *TOTAL* .. technology budget was $2500.00 per year ... that's *PER YEAR* ... to support all students, teachers, and staff.
Google very attractive ... free if applied for an edu. And that included Googles Office Suite ... let's see ... $0.00 vs M$'s $25.00 per student. No need to buy/support any Office Suite on devices. Could go on and on ...
And, considering Google offers 'Classroom' .... it's no wonder that in many K12's a huge shift from Moodle to Google has happened. Many are using Moodle now as a quiz machine only. Let's remember that the students of today will become decision makers of tomorrow.
Maybe Jon can confirm this as he has a Google Edu ... users can be restricted ... and filtered. Not only that, but at the close of each students time with the entity, everything that they uploaded/etc. can be moved to a student owned account.
As with anything there is Yin and Yang ... that fact has been in existence since Internet began. Any/ALL has an element of risk.
Anyhoo ... my 2 cents.
'SoS', Ken
Yes, we use Google Edu at my school, or Google Workspace for Education as it is currently called after its latest rebrand... Google's pricing compared to Microsoft's is certainly one of the factors which has led schools to move from MS to Google. Anecdotally I would suggest that the main reason for educators moving from LMS like Moodle to the tools that MS or Google have to offer, is the perceived ease of use of the MS and Google offerings.
We use both at my school and I am keen to affords teachers the freedom to chose which tool they think works best for them. Often once teachers start to find the limitations of the Google Edu tools they come to use the tools that Moodle makes available; however there are great number of teachers who will never progress beyond what the Google tools can offer them. For those teachers, you have to question why they would want to adopt a more *complicated* system such as Moodle...
For what it's worth; all of my online instruction happens through Moodle...
We use both at my school and I am keen to affords teachers the freedom to chose which tool they think works best for them. Often once teachers start to find the limitations of the Google Edu tools they come to use the tools that Moodle makes available; however there are great number of teachers who will never progress beyond what the Google tools can offer them. For those teachers, you have to question why they would want to adopt a more *complicated* system such as Moodle...
For what it's worth; all of my online instruction happens through Moodle...
In reply to Jon Witts
Re: Google forcing 2 factor and Moodle's Google Oauth2
by Visvanath Ratnaweera -
Hi Jon, hi Ken
This is not meant as a jab or any other annoyance. I know you both know what you're doing. It so happened that this news appeared even in the local newspaper [1] , I could not resist. See [2].
This is not meant as a jab or any other annoyance. I know you both know what you're doing. It so happened that this news appeared even in the local newspaper [1] , I could not resist. See [2].
It is about SMS and 2FA, just a day after our discussion above.
In reply to Visvanath Ratnaweera
Re: Google forcing 2 factor and Moodle's Google Oauth2
by Ken Task -
"I could not resist."
Me to:
https://www.axios.com/google-russia-botnet-lawsuit-e46e3f25-ef50-43b4-af0b-442b75c8e27e.html
Google LLC has filed a lawsuit against a botnet named Glupteba, believed to be operated from Russia. It's a network that the company says has been infecting Google services on Windows computers for years.
.... on Windows computers ... why didn't MS report it?
https://www.axios.com/microsoft-website-china-hack-246ce646-b7ed-4bf7-87f5-8d3ebed156b1.html
Answer maybe: MS didn't because they are busy with their own! :|
Anyone run Logwatch? I highly recommend it!
Just today:
A scan like:
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh
probe-ca001.rand0.leakix.org (143.198.136.88)
probe-ny001.rand0.leakix.org (134.122.112.12)
Added to drop zone:
143.198.0.0/16
134.122.0.0/17
Both IP above ... OrgName: DigitalOcean, LLC
I really wonder about 'shared hosting' ... of anything ... not just Moodle!!!!
'SoS', Ken
In reply to Ken Task
Re: Google forcing 2 factor and Moodle's Google Oauth2
by Visvanath Ratnaweera -
As far as Google and privacy are concerned, in the news: https://www.eff.org/deeplinks/2021/12/chrome-users-beware-manifest-v3-deceitful-and-threatening.