[DigitalPoint] Security & Passkeys

[DigitalPoint] Security & Passkeys 1.1.3

No permission to download
Compatible XF 2.x versions
  1. 2.0
  2. 2.1
  3. 2.2
Additional requirements
PHP 7.1 or higher
OpenSSL PHP extension
Visible branding
  • Support for Passkeys(also known as WebAuthn / FIDO2 security keys) as two-step authentication (hardware devices such as YubiKeys are what large tech companies such as Google require their employees to use to keep their accounts secure).
    • Support for multiple keys per user
  • Option for Days to trust two-step verification. Now you can set it to whatever is appropriate for your site, vs it being hardcoded to 30 days in XenForo.
  • Option for Recommended strong two-step options. This allows you to encourage users to have more than one two-step option (backups in case they loose access to the main one they use).
  • Users can see/manage the trusted devices for their account (under Account -> Password and security -> Two-step verification).
  • Users can see the IP addresses used for their account (under Account -> Password and security).
  • Users can see/manage remembered sessions for their account (under Account -> Password and security).
  • Country-level geo-targeting of IPs for account IPs, sessions and trusted devices is done automatically if the site is using Cloudflare with the the IP Geolocation setting turned on for your zone.





Note: As an experiment to keep the cost of this addon free, there is an affiliate link used if a user wants to buy a YubiKey.
First release
Last update
5.00 star(s) 4 ratings

More resources from digitalpoint

Latest updates

  1. Better error handling

    Give the user a better error message if they try to create a Passkey entry without actually...
  2. Lowering PHP requirements

    Checking for PHP version 7.1.0 or higher Removed dependency on third-party library to get list...
  3. Adds option to encourage users to have more than one strong two-step option

    If user has no Passkeys setup yet, the button to manage them is labeled 'Enable' rather than...

Latest reviews

Excellent now we're able to use multiple hardware yubikeys to strenthen login. Perfect (but should be native Xenforo functionality)
I like all of the added features (especially the logged-in session data), and I even managed to get my phone working as a "security key" for a couple of forums I am managing, after a couple of tries. (I will have to create a tutorial so forum members can more easily figure it out.)
What kind of phone was it? iPhone with iOS 15 should support it natively (iOS 16 makes it even simpler by syncing the private keys on your iCloud keychain so any device you are logged in with should work... including computers), so it already kind of works like "magic". I think Android has plans to make it simple as well if they haven't already.
Installation and configuration of this extension is very simple. I have tested it with a Yubikey and I have to say it works without any issue. Every administrator that would like to improve security of its forum should think about it, because it is another wall to make forums (user account) more secure.
Fantastic set of improvements to XenForo's existing security functions, gives users a better insight on their account privacy and allows for effortless pairing of HSK's :)