• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

2fa

  1. R

    Threema Gateway (two-step verification, SMS replacement) [Paid]

    rugk submitted a new resource: XenForo - Threema Gateway (two-step verification) - Two-step verification/Two-factor authentication using the secure instant messenger Threema Read more about this resource...
  2. R

    Unmaintained Threema Gateway (two-step verification, SMS replacement) 1.0

    This add-on is not affiliated with XenForo Ltd. This add-on is not affiliated with Threema GmbH. When the two-step authentication was introduced into XenForo many server admins asked for SMS support. This was my inducement to create this add-on. But instead of using SMS - which is not suitable...
  3. dieketzer

    2FA: link apps prior to 'enabled page'

    i am finding that members are hesitant to click 'enable' because they are afraid it will enable 2FA without first allowing them to install the requisite phone app. it would be great if users could get the links and install the apps prior to clicking 'enable'. if they could, its likely that more...
  4. MattW

    XF 1.5 2FA Emails rejected by Amazon SES

    So, I send all mail from the forum via Amazon SES, which requires you to verify each sending address being used. I've had a member try and activate 2FA (from what I can tell looking at the error logs), and the 2FA email is being sent from his own address - XXXXXX@gmail.com (changed address and...
  5. ThemeHouse

    [TH] Two Step Authentication Essentials 1.0.4a

    Enhance the security of your forum with our Two Factor Authentication add-on, featuring YubiKey support. This add-on currently adds the following features: YubiKey OTP Support (Supports every YubiKey produced to date) Ability to enable/disable specific two step authentication methods FIDO U2F...
  6. Formina Sage

    2FA: Remember device indefinitely

    I think having to re-authenticate every 30 days is a bit of a hassle, personally. Large services like Google and Facebook don't make me re-authenticate every 30 days, they permanently remember the browser unless cookies are cleared. Having the option to adjust the 30 day period to be longer...
  7. jflory7

    XF 1.5 2FA key cannot be scanned, entered manually - then stopped working?!

    Hello, Today, my 30 days finally expired on my login using my 2FA key. When I was initially setting up my 2FA authentication, my phone could not scan the QR code on my screen to add it (I am using Authy over Google Authenticator). This was strange, seeing as it worked here on the XF Forums, but...
  8. R

    Lack of interest 2FA: Separate 'device trusting' for forum and ACP login

    It would be nice if the option 'trust this device for 30 days' would differentiate between the forum login and the ACP login. E.g. many times you just want to have a quick look at the forum, but you always have to enter the 2FA code. There you can use the option to trust the actual device for 30...
  9. R

    Deactivating 2FA is too easy

    Let's take the following scenario: An attacker has gained access to the users password and one of these requirements: he has access to the device where the user selected 'remember this device for 30 days' or he can somehow bypass the login 2FA, because the user has selected 'remember this...
  10. R

    1.5: Documentation for two step authentication?

    Mike said in his post about the new 2FA in XenForo: Are there any more details about this? Or will there be? I mean is there any documentation or example implementation of this? Or is planned that there will be one released? Are there any special APIs at all?
  11. imthebest

    Fixed Device trusted even after disabling 2FA?

    I disabled 2FA however on account/two-step I still see this: And I'm even provided with a button to "Stop trusting this device". Is this expected? Thanks, Super120
  12. R

    Lack of interest Disallow/Disable/Force specific kinds of two factor authentication

    This is a suggestion for the new 2FA in XenForo v 1.5. Suggestion It would be great if you either... could disallow specific kinds of 2FA for user groups. or... adjust Implemented - Option to force 2Factor authentication on staff, so that you can force specific kinds of two factor...