Two Factor authorization, like Gmail has, to Confluence

Problem definition

Security of Confluence content is very important for many of our customers and securing the login action is the first step to ensure valid authentication to protect confidential information. Currently, Confluence offers only email/username password combination is available.

Suggested Solution

Two factors authentication can be adopted to add more security to Confluence login action.
Many solutions are available, like Gmail approach for two factor:

• SMS based, no new hardware needed
• Can authorize a browser for up to 30 days from a single two factors auth (e.g. only pw is needed for 30 days, and on day 31 you have to do the whole two factors dance)
• Gmails approach is a nice combination of security and ease of use but others are available too.

Plugins as workaround

There is 2 plugin offering this features

1. 2-Factor Auth Secure Login - Confluence
2. Duo for Confluence.