[DigitalPoint] Security & Passkeys

[DigitalPoint] Security & Passkeys 1.1.1

No permission to download
Compatible XF 2.x versions
  1. 2.0
  2. 2.1
  3. 2.2
Additional requirements
OpenSSL PHP extension
Visible branding
No
Features
  • Support for Passkeys(also known as WebAuthn / FIDO2 security keys) as two-step authentication (hardware devices such as YubiKeys are what large tech companies such as Google require their employees to use to keep their accounts secure).
    • Support for multiple keys per user
  • Option for Days to trust two-step verification. Now you can set it to whatever is appropriate for your site, vs it being hardcoded to 30 days in XenForo.
  • Option for Recommended strong two-step options. This allows you to encourage users to have more than one two-step option (backups in case they loose access to the main one they use).
  • Users can see/manage the trusted devices for their account (under Account -> Password and security -> Two-step verification).
  • Users can see the IP addresses used for their account (under Account -> Password and security).
  • Users can see/manage remembered sessions for their account (under Account -> Password and security).
  • Country-level geo-targeting of IPs for account IPs, sessions and trusted devices is done automatically if the site is using Cloudflare with the the IP Geolocation setting turned on for your zone.
1663041135486.png

1663041324079.png

1663041625649.png

1663041819035.png


1666023147861.png


Note: As an experiment to keep the cost of this addon free, there is an affiliate link used if a user wants to buy a YubiKey.
Author
digitalpoint
Downloads
129
Views
2,637
First release
Last update
Rating
5.00 star(s) 3 ratings

More resources from digitalpoint

Latest updates

  1. Adds option to encourage users to have more than one strong two-step option

    If user has no Passkeys setup yet, the button to manage them is labeled 'Enable' rather than...
  2. Adopt Passkey nomenclature

    This is purely a semantic update that renames security key to Passkey for user-facing verbiage...
  3. Make XenForo's two-step verification block easier to read

    This is purely a cosmetic change that reworks how XenForo presents two-step verification options...

Latest reviews

I like all of the added features (especially the logged-in session data), and I even managed to get my phone working as a "security key" for a couple of forums I am managing, after a couple of tries. (I will have to create a tutorial so forum members can more easily figure it out.)
digitalpoint
digitalpoint
What kind of phone was it? iPhone with iOS 15 should support it natively (iOS 16 makes it even simpler by syncing the private keys on your iCloud keychain so any device you are logged in with should work... including computers), so it already kind of works like "magic". I think Android has plans to make it simple as well if they haven't already.
Installation and configuration of this extension is very simple. I have tested it with a Yubikey and I have to say it works without any issue. Every administrator that would like to improve security of its forum should think about it, because it is another wall to make forums (user account) more secure.
Fantastic set of improvements to XenForo's existing security functions, gives users a better insight on their account privacy and allows for effortless pairing of HSK's :)
Top