- Compatible XF 2.x versions
- 2.0
- 2.1
- Additional requirements
- Fido U2F requires you to use HTTPS. More info: https://apantic.zendesk.com/hc/en-us/articles/115004819714-Requirements
- License
- https://nanocode.io/terms
- Updates duration
- 6 months support & updates included (renewable)
- Visible branding
- No
Account security is essential. Provide your users with choice and increase account security.
Extended Two Factor by nanocode aims to add more 2FA methods that are more secure and convenient for your users.
Current supported 2FA methods:
This add-on can be purchased by the automatic system on nanocode's Products website.
Payments can be made via credit/debit cards (via Stripe) or PayPal.
License
This add-on is distributed under the terms of nanocode product license. You can view it here: https://nanocode.io/terms
Support
We pride ourselves on having fast support response times and quick bug resolution.
If you have any problems, please create a ticket.
* Please note that Twilio SMS charges will apply. See: https://www.twilio.com/sms/pricing
Extended Two Factor by nanocode aims to add more 2FA methods that are more secure and convenient for your users.
Current supported 2FA methods:
- Security Key (Fido U2F), adding support for YubiKey as well as other U2F security key devices
- SMS 2FA (via Twilio*) to allow users to use their mobile phones as 2FA devices
- Enable/disable 2FA providers, giving you (the administrator) control over what 2FA methods can be used by your users. Disable 2FA methods you find insecure or do not wish to offer.
This add-on can be purchased by the automatic system on nanocode's Products website.
Payments can be made via credit/debit cards (via Stripe) or PayPal.
License
This add-on is distributed under the terms of nanocode product license. You can view it here: https://nanocode.io/terms
Support
We pride ourselves on having fast support response times and quick bug resolution.
If you have any problems, please create a ticket.
* Please note that Twilio SMS charges will apply. See: https://www.twilio.com/sms/pricing
Regarding double authentication by SMS, if you're referring to the fact that if a new login is initiated where SMS is the 2FA method that a new code is sent out, this is as-designed behaviour and not a bug - and this is the same behaviour most sites implementing SMS for 2FA use. We're aware of a concern that this could be abused to spam requests and will consider implementing some sort of maximum limit in a period, but note that this could also result in locking legitimate users out of accounts.
Regarding Yubikey, we're aware of some concerns getting it to work. In most cases, these can be due to incorrect configuration. Your board URL must be the same URL as the one the user is accessing it from, and you must use HTTPS. If you're certain these conditions are fulfilled, and have tried the latest version, please make a ticket so we can further investigate.