privacyIDEA 2.13 released – Improved Text Messages and PIN

Yes I know. And I also always said, please do not use SMS for two factor authentication. Rely on a decent piece of hardware. Although you should stop using text for two factor authentication, privacyIDEA supports text messages or SMS besides a long list of other token types.iphone-388387_640

Text message (SMS) enhancements

Nevertheless privacyIDEA 2.13 comes with improved SMS handling. But be sure, SMS can not only be used for authentication but for many other things. privacyIDEA 2.13 now lets you define a central list of SMS gateways – just like with centrally defined SMTP servers and RADIUS servers. Now privacyIDEA can centrally define all communication channels it needs. Defining your SMS gateway centrally eases the setup of your SMS token type.

But text messages now can also be used to notify users in case of certain events. The event handling with user notification was added in version 2.12 with notification via email – now you can also use text messages.

These SMS gateways could be used for other features in the future like notifying administrators in case of certain errors… Feel free to open any feature request on github.

PIN handling

The second main features is PIN handling. You may have noticed the new logo of privacyIDEA.

privacyIDEA – the flexible, modular authentication system.

You can see the bottom line “Authentication System”. Already a while ago privacyIDEA left the track of a pure OTP system, when adding support for SSH keys, certificates and Yubikeys for LUKS.

privacyIDEA can now take care about PIN policies and require the user to change the PIN after a defined time span. You can also set a policy that a user will have to change the PIN after first use! I am curious what you think about the PIN thing. If you have any further ideas about passwords and PINs drop us a note, write a comment or and issue on github.

Further Enhancements


  • Performence enhancements in the Web UI regarding the token view and the audit log.
  • An additional log level below “DEBUG”. Debug will log no passwords. If you need passwords in your debug output, set the loglevel to “9”.
  • Quick actions in the token list. Try and click on the Failcounter or the “active” column.
  • Intelligent proxy handling or “OverrideAuthorizationClient” setting, which allows to define, which proxy server is allowed to change the client information.

The full changelog can be found here.

Leave a comment