Put a Latch on your Umbraco backoffice

TL;DR

Watch the video at the bottom of this post.

What is Latch?

Some time this year, I found Latch which is a very cool service that allows you to protect your online identities by closing or opening them. The way it works is very simple yet powerful. For instance, let's take my Twitter account as an example.

By default, If someone knew my credentials they could impersonate me and send tweets on my behalf. To prevent that I could install the Latch application on my mobile phone and create a Latch for my Twitter account. A Latch has 2 states: open or closed. If it is open I'm able to enter and use my account normally, but if it is closed I can't enter to my account, even if the credentials are correct. Additionally, the Latch mobile application sends me a notification if someone tries to access to my account with the correct credentials.

As we can see, Latch works as a second factor authentication, 2FA for short. This is not new and there are multiple implementations of 2FA mechanisms, being a SMS code the most common one. Some of the advantages of using Latch for this purpose are:

This is the primary use for Latch, but definitely not the only one. It can also be used as an authorisation mechanism. For example I could create a Latch to allow or disallow money transfers on my bank account.

To wrap up, a Latch is nothing more than something you can open or close to allow or disallow an operation and what you can protect with it depends on the provider implementation.

If you want to know more about Latch, go to their official website.

So, where is Umbraco involved here?

Since I discovered the service, I thought that it would be cool and, most important, useful to make a package for Umbraco. Also, there was a contest held by Eleven Paths to create a latch plugin. This is how Umbraco Latch was born.

Umbraco Latch is a package that allows the administrator to protect different operations within the backoffice by using Latch. The administrator part is key because not every user can configure Latch in their Umbraco account, but it is only the administrator who configures and manages the Latch operations.

The things you can protect with this package are:

Furthermore, it gives you great flexibility by allowing you to pick if a Latch applies to all the CMS users or only to a segment of them. In the content operations, it allows you to pick which nodes you want to apply the operation.

A couple of use cases could be:

All the information about the package can be found on the official documentation page at: https://umbracolatch.readme.io/docs.

The Umbraco package can be found at: https://our.umbraco.org/projects/backoffice-extensions/umbraco-latch.

The source code is open sourced under the LGPL 2.1 license and you can find it on Github at: https://github.com/camaya/umbraco-latch.

Video

Here's a video where you can see a demo of the package.

I would love to know how you use this or any thought you have about it. As always, you can reach me out on Twitter @_camaya.

Are you still here? Go and Latch your backoffice!

Cheers.