Koha 2FA (two-factor authentication)

This blog will provide an overview of what 2FA (two-factor authentication) in Koha is and how you can improve your Koha security.

The 22.05 release of Koha introduced 2FA (two-factor authentication) for library staff members. 2FA is a great security measure for protecting your data and controlling who can access your Koha instance. In this blog post, we’ll provide an overview of what 2FA in Koha is and how you can improve your Koha security.

What is 2FA in Koha?

2FA is a security method used to verify a user’s identity when logging into a site to ensure there’s no unauthorised access. Chances are you’ve used 2FA without even knowing, as it is commonly used in many online platforms and services. But first, let’s explain what a login process looks like without 2FA.

Only entering your username and password to log in is called single-factor authentication. So, if someone guesses or hacks your password, they can access your account, as there are no extra security measures in place.

Essentially, 2FA is a step up from single-factor authentication: there’s an additional barrier ahead of a successful login called the ‘second factor’. That means, if your password is compromised and someone tries to use it but doesn’t have access to your second factor, they can’t get in. A second factor is often a code sent to your phone or a time-based one-time password (TOTP). That means it’s highly unlikely someone can move beyond the login screen.

Additionally, 2FA notifies you when someone is trying to access your account. So, if you receive a code and aren’t currently trying to log in, it’s a good idea to change your password. Without 2FA, you wouldn’t have been able to identify the attempt or prevent unauthorised access.

What are the benefits of 2FA in Koha?

  • 2FA in Koha ensures only persons who require access have it. This second Koha security layer better protects your account from unauthorised access.
  • Your information remains secure, including all the library and member data you have access to.
  • If you have data sovereignty agreements in place, member data remains protected as per your requirements and isn’t compromised offshore.

How can I set up 2FA in Koha?

Before you begin, it’s a good idea to download an authenticator app on your phone if you don’t already have one. Choosing an authenticator that supports 2FA backup means you can still access your 2FA even if you don’t have access to your phone.

You can set up 2FA in Koha by following these steps.

Where can I get Koha support?

Catalyst Rōpū kohinga cares for collections through technology. The dedicated team has been hosting and maintaining Koha for organisations all over the world for more than a decade. They also provide support for DSpace, VuFind, and other collections technologies.

A few Koha user groups are coming up, where the Koha community will come together to learn and share all things Koha. If you’d like to come along, find more information on the Catalyst website.

If you need expert support to improve, manage, or secure your Koha, contact our team.

You can also subscribe to our collection technologies newsletter to keep up to date with the latest tips and tricks.