[FreddysHouse] Two-factor Authentication

Unmaintained [FreddysHouse] Two-factor Authentication 1.3.3

No permission to download
Overview FAQ Updates (6) Reviews (15) History Discussion
Compatible XF 1.x versions
  1. 1.2
  2. 1.3
License
Creative Commons Attribution 3.0 Unported (CC BY 3.0), GNU General Public License and MIT license
Visible branding
No
Add-on is now managed by @Deebs

This add-on provides XenForo with two-factor authentication using Google's Authenticator app or Yubico YubiKeys.

The idea behind multi-factor authentication is that you don't rely on just a password to login - instead you require (at least) two of these:
  • Something the user knows (their password).
  • Something the user has (a YubiKey, the Google Authenticator app on their smartphone).
  • Something the user is (a fingerprint, not used in this add-on).
If a hacker is able to gain access to the user's password (e.g. a bad person installs a key logger on the user's computer) they are still not able to log in without physical access to the two-factor device.

I recommend also installing [FreddysHouse] Logger, this add-on will log useful information only if that add-on is installed.

The add-on has the following features:
  • Supports Google Authenticator time-based keys.
  • Supports Yubico YubiKeys.
  • Controlled by permissions.
  • Trophy criteria for users that are using two-factor authentication.
  • Provides detailed logging for admins (if [FreddysHouse] Logger is installed).
  • Provides additional security for your community & also protects your admin control panel.
  • Supports lost keys (works in the same way as a lost password, emails the user for validation and disables two-factor authentication for the user if they click a link in the email).
Installation

Upload the contents of the upload directory to your XenForo directory. Install the add-on XML using the control panel.

Once installed, go to the 'Home' tab, then click 'Install Method' from the 'Two-factor Authentication' section of the menu (if you cannot see the 'Two-factor Authentication' section please give yourself the 'Manage two-factor authentication' admin permission).

Select the XML file of the method you wish to install (e.g. twofactor-GoogleAuthenticator.xml for Google Authenticator). You can repeat this to install different methods.

Once you've added a method you should then configure the permissions. There are two permissions you can configure:

  • Use two-factor authentication. This lets you control which users are able to use two-factor authentication.
  • Maximum two-factor keys. Configure how many keys a user can have.
Yubico Yubikey authentication requires an API key in order to communicate with the Yubico authentication servers. You can get an API key from them here(you need to own a YubiKey to generate an API key).

Usage

A special two-factor section has been added to the 'Your Account' section of XenForo. From here users can view, add and remove two-factor authentication keys.

This add-on uses jQuery.qrcode by Lars Jung.

Funded by and developed for FreddysHouse (http://www.freddyshouse.com).
Related resources
This add-on uses [FreddysHouse] Logger for logging.
  • account_twofactor_2.webp
    account_twofactor_2.webp
    47.2 KB · Views: 1,552
  • account_twofactor.webp
    account_twofactor.webp
    45.5 KB · Views: 1,537
  • add_google_authenticator.webp
    add_google_authenticator.webp
    60.7 KB · Views: 1,528
  • add_yubico_yubikey.webp
    add_yubico_yubikey.webp
    45.1 KB · Views: 1,499
  • admin_login_twofactor.webp
    admin_login_twofactor.webp
    17.8 KB · Views: 1,530
  • admin_login.webp
    admin_login.webp
    19.8 KB · Views: 1,511
  • admin_twofactor_list.webp
    admin_twofactor_list.webp
    40.2 KB · Views: 1,479
  • admin_twofactor_yubico_yubikey_options.webp
    admin_twofactor_yubico_yubikey_options.webp
    71.9 KB · Views: 1,486
  • bad_twofactor_code.webp
    bad_twofactor_code.webp
    35 KB · Views: 1,486
  • entering_twofactor_code.webp
    entering_twofactor_code.webp
    26.8 KB · Views: 1,447
  • twofactor_login_2.webp
    twofactor_login_2.webp
    33 KB · Views: 1,441
  • user_menu.webp
    user_menu.webp
    46.8 KB · Views: 1,432
  • Like
Reactions: SchmitzIT, t0fx, lasertits and 6 others
Author
SheepCow
Downloads
341
Views
2,170
First release
Last update

Ratings

4.86 star(s) 14 ratings
Join the discussion

More resources from SheepCow

Share this resource

Latest updates

  1. Fixes incorrect File Health Check hash

    Fixes an incorrect File Health Check hash for ControllerPublic/Login.php.

  2. Minor fix for "lost your device"

    This is a minor bug fix: A bug was found that stopped the "Lost your device" pages from filling...

  3. PHP 5.5 compatibility update

    This is a minor update that brings compatibility with PHP 5.5. The only change is that cURL's...
Read more…

Latest reviews

T
Awesome addon. My users like the assurance that their account is secure from malicious attackers. Thank you for the work and I also thank you for the logger which I use as well.
Upvote 0 Downvote
naia
This is a good implementation of 2FA. The only issues I have with are that (a) social logins are not verified and (b) you can turn off two factor authentication when logged in to your account without verifying your token or sending a verification email. I feel this defeats the purpose of the additional check on the AdminCP. I will adjust to five stars once this is fixed.
Upvote 0 Downvote
Maxxamillion
This is awesome the google auth is brilliant
Upvote 0 Downvote
pipibunny
Awesome. It's great to security for account
Upvote 0 Downvote
TPerry
Want security? Then this is the add-on for you. Works for both the ACP and site itself.
Upvote 0 Downvote
naia
Great additional layer of security. Would rate five stars if you could require two-factor authentication even if Facebook login is enabled.
Upvote 0 Downvote
MattW
Great add-on for that extra layer of security
Upvote 0 Downvote
sonnb
Awesome
Upvote 0 Downvote
A
Great addon and it just works as it should. Highly recommended for admin of all sites.
Upvote 0 Downvote
Mouth
Terrific
Upvote 0 Downvote
Read more…
Top Bottom