Having a verification badge in the community, lets the people know on the platform that the user's account is authentic, notable, and active.
What is meant by two-step verification?
Two-step verification is an optional feature that adds more security to your user account.
The verification...
I am looking to compile a list of authenticator apps that work with XenForo, yet I haven't turned up such a list searching here in the forum or on Google.
I've used Google Authenticator in the past, and currently use the Microsoft Authenticator (which I like more). I believe there are others...
I'm trying to set up Authy One-touch authentication, and I still couldn't make it work.
It says to use Authy I have to create an Authy API key in the Twilio console dashboard.
I created a test application and added a user.
Do I have to create a firebase app and provide its credentials in...
I have a staff member trying to use two-step verification. Despite ticking the 30-day "trust this device" option, the next login either hours or a day later always requires a new two-step code to be generated.
What is used to save that 30-day expiration on a person's computer? Is this via a...
With our staff we have the 2fa set up on the website. However, I know there's a possibility to disable it. But, one of the staff got a new phone so we need to reset but from what I can see there's no option to reset it?
I've tried disabling the 2fa but it still gave him this screen...
I don't know what is the cause of the problem because the same key was working well before the reinstall of xf..
Here the server error logged:
ErrorException: Template error: Object of class stdClass could not be converted to string internal_data/code_cache/templates/l2/s4/public/error.php:13...
Account security is essential. Provide your users with choice and increase account security.
Extended Two Factor by nanocode aims to add more 2FA methods that are more secure and convenient for your users.
Current supported 2FA methods:
Security Key (Fido U2F), adding support for YubiKey as...
rugk submitted a new resource:
XenForo - Threema Gateway (two-step verification) - Two-step verification/Two-factor authentication using the secure instant messenger Threema
Read more about this resource...
i am finding that members are hesitant to click 'enable' because they are afraid it will enable 2FA without first allowing them to install the requisite phone app.
it would be great if users could get the links and install the apps prior to clicking 'enable'. if they could, its likely that more...
So, I send all mail from the forum via Amazon SES, which requires you to verify each sending address being used.
I've had a member try and activate 2FA (from what I can tell looking at the error logs), and the 2FA email is being sent from his own address - XXXXXX@gmail.com (changed address and...
I think having to re-authenticate every 30 days is a bit of a hassle, personally. Large services like Google and Facebook don't make me re-authenticate every 30 days, they permanently remember the browser unless cookies are cleared.
Having the option to adjust the 30 day period to be longer...
Hello,
Today, my 30 days finally expired on my login using my 2FA key. When I was initially setting up my 2FA authentication, my phone could not scan the QR code on my screen to add it (I am using Authy over Google Authenticator). This was strange, seeing as it worked here on the XF Forums, but...
It would be nice if the option 'trust this device for 30 days' would differentiate between the forum login and the ACP login.
E.g. many times you just want to have a quick look at the forum, but you always have to enter the 2FA code. There you can use the option to trust the actual device for 30...
Let's take the following scenario: An attacker has gained access to the users password and one of these requirements:
he has access to the device where the user selected 'remember this device for 30 days' or
he can somehow bypass the login 2FA, because the user has selected 'remember this...
Mike said in his post about the new 2FA in XenForo:
Are there any more details about this? Or will there be?
I mean is there any documentation or example implementation of this? Or is planned that there will be one released?
Are there any special APIs at all?
I disabled 2FA however on account/two-step I still see this:
And I'm even provided with a button to "Stop trusting this device".
Is this expected?
Thanks,
Super120
This is a suggestion for the new 2FA in XenForo v 1.5.
Suggestion
It would be great if you either...
could disallow specific kinds of 2FA for user groups.
or...
adjust Implemented - Option to force 2Factor authentication on staff, so that you can force specific kinds of two factor...