Add Yubikey to XF 1.5 two-step verification

Discussion in 'XenForo Suggestions' started by melbo, Jun 19, 2015.

  1. melbo

    melbo Well-Known Member

    From this HYS thread: https://xenforo.com/community/threads/two-step-verification-and-security-improvements.99881
    Please add Yubikey support as another method of 2FA
    This addon is currently working well: https://xenforo.com/community/resources/freddyshouse-two-factor-authentication.1663/

    Please like this post if you want to see this considered :)
     
    maszd, Mijo, Infopro and 27 others like this.
  2. Alfa1

    Alfa1 Well-Known Member

    https://www.yubico.com/faq/yubikey/
    A YubiKey is a small hardware device that offers two-factor authentication with a simple touch of a button. YubiKeys are built strong enough for the largest enterprises, while remaining simple enough for anyone to use. The YubiKey NEO offers both contact (USB) and contactless (NFC, MIFARE) communications. YubiKeys support FIDO U2F, Yubico-OTP, OATH-OTP, OATH-HOTP, OATH-TOTP, OpenPGP, and PIV, and one security key can support an unlimited number of applications without the need for drivers, client software, or batteries. To learn more about the YubiKey, see YubiKey Hardware.
     
    rafass and melbo like this.
  3. Robust

    Robust Well-Known Member

    I'll work on it as an add-on extensive to the system (there is a note on the thread saying developers can extend the system) if not implemented into the core.
     
    melbo and Fred. like this.
  4. Fred.

    Fred. Well-Known Member

    Yes, Please! Big Yubikey Fan :D
    All my staff members are using Yubikeys.
    The Yubikey is not time dependent and very easy to use (y)
     
    melbo likes this.
  5. Shiro

    Shiro Well-Known Member

    I support this! I LOVE Yubikey!
     
    melbo likes this.
  6. melbo

    melbo Well-Known Member

    In the suggestion forum, liking the first post of a thread is like casting a vote for that suggestion. Like the OP to show your support :)
     
  7. lol768

    lol768 Active Member

    Would also like this, too few sites support these devices
     
    melbo likes this.
  8. HWS

    HWS Well-Known Member

    Pls consider. Thx.
     
    melbo likes this.
  9. melbo

    melbo Well-Known Member

    Still hoping we get this in core or someone steps up to extend the XFR core 2FA functionality
     
  10. Chris D

    Chris D XenForo Developer Staff Member

    I can tell you we aren't adding any further 2FA providers for XF 1.5.0 so custom development is likely to be the best solution.
     
  11. The Dark Wizard

    The Dark Wizard Well-Known Member

    Yubikey support would be nice :)!
     
    melbo likes this.
  12. Robust

    Robust Well-Known Member

    YubiKey's existing library and module require the end user to download an additional PHP extension (php-yubico). I'm assuming to implement this you'd have to develop your own library. I'll look into it when I'm more free though.

    Edit: Or just make a simple curl request. It's not too complicated to extend the system and implement it.
     
    melbo likes this.
  13. Fred.

    Fred. Well-Known Member

  14. Robust

    Robust Well-Known Member

    Yeah, I took a look a while ago. He just read their library base iirc, it's just a curl request. Based off that I did say it's not too complicated to make, depending on how simple it is to extend the system to add more 2FA providers.
     
    melbo likes this.
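
Added example (not part of any post in this thread, and not XenForo or add-on code): if validation is done with a plain HTTP request as discussed above, the 2FA provider still has to check the answer itself, following Yubico's published validation protocol 2.0 (HMAC-SHA1 signature in `h`, echoed `otp` and `nonce`, `status`). The function names, API key, OTP, nonce and response bodies below are constructed for illustration, and the HTTP call is left out so the check runs offline.

```php
<?php
// Added example, not XenForo or add-on code. Key, OTP, nonce and bodies are constructed.

// Parse the "key=value" lines of a validation response body.
function parseResponse(string $body): array {
    $fields = [];
    foreach (preg_split('/\r?\n/', trim($body)) as $line) {
        $parts = explode('=', $line, 2);   // first '=' only: base64 values end in '='
        if (count($parts) === 2) {
            $fields[trim($parts[0])] = trim($parts[1]);
        }
    }
    return $fields;
}

// HMAC-SHA1 over the key-sorted "k=v" pairs joined by '&', excluding 'h' itself.
function signFields(array $fields, string $apiKeyB64): string {
    unset($fields['h']);
    ksort($fields, SORT_STRING);
    $pairs = array_map(fn($k, $v) => "$k=$v", array_keys($fields), $fields);
    $key = (string) base64_decode($apiKeyB64, true);
    return base64_encode(hash_hmac('sha1', implode('&', $pairs), $key, true));
}

// Accept only a signed "OK" answer about the OTP and nonce we sent, for this user's key.
function verifyResponse(string $body, string $otp, string $nonce,
                        string $apiKeyB64, string $enrolledId): bool {
    $f = parseResponse($body);
    if (!isset($f['h'], $f['otp'], $f['nonce'], $f['status'])) return false;
    if (!hash_equals(signFields($f, $apiKeyB64), $f['h'])) return false;
    if (!hash_equals($otp, $f['otp'])) return false;       // answer is about our OTP
    if (!hash_equals($nonce, $f['nonce'])) return false;   // and about this request
    if ($f['status'] !== 'OK') return false;               // e.g. REPLAYED_OTP
    return hash_equals($enrolledId, substr($otp, 0, -32)); // key is the one enrolled
}

// Constructed sample data: 12-character public ID followed by a 32-character token.
$key   = base64_encode('constructed-demo-key');
$otp   = 'cccccccbdefg' . str_repeat('c', 32);
$nonce = 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6';
$mk = function (string $status) use ($key, $otp, $nonce): string {
    $f = ['otp' => $otp, 'nonce' => $nonce, 't' => '2015-06-19T12:00:00Z0123', 'status' => $status];
    $f['h'] = signFields($f, $key);
    return implode("\r\n", array_map(fn($k, $v) => "$k=$v", array_keys($f), $f));
};
var_dump(verifyResponse($mk('OK'), $otp, $nonce, $key, 'cccccccbdefg'));
var_dump(verifyResponse(str_replace('REPLAYED_OTP', 'OK', $mk('REPLAYED_OTP')), $otp, $nonce, $key, 'cccccccbdefg'));
var_dump(verifyResponse($mk('OK'), $otp, $nonce, $key, 'cccccccccccc'));
```

The three calls cover a genuine answer, a body whose status was edited after signing, and a valid OTP from a key that is not the one enrolled for the account; only the first should be accepted.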
  15. Fred.

    Fred. Well-Known Member

    Aha, ok. I didn't look at the code.
    I don't mind if I have to install an additional PHP extension. I prefer the local approach. I'm interested in the add-on, let me know if I have to test anything...
    It's working now with the other add-on. Take your time. ;)
     
  16. Robust

    Robust Well-Known Member

    Thing is, it's pretty unpractical. Since a lot of people still use those crappy shared hosting services like HostGator, and some using a VPS simply don't want another module. So if possible an approach to avoid additional server side installs is best, and in this case that is possible :)
     
    Fred. likes this.
  17. Robust

    Robust Well-Known Member

    Working on it. Is this really something people use? It's a physical product.

    Other than that, I can work on this but I need an API key for testing, and for that I think you need one of their Yubikey products which I do not have.
     
    Alfa1 likes this.
  18. md_5

    md_5 Well-Known Member

    Rather than Yubikey, it should be U2F which is an open standard supported by all recent Yubikeys.
     
    Zenexer and PunKeel like this.
  19. Robust

    Robust Well-Known Member

    Working on it now, sorry for the delay. I decided to work on it... well from right now.

    U2F is an awful library with no documentation. The normal Yubikey API makes perfect sense to me, it's also well documented. The U2F standard is undocumented and it's not really helpful for developers to implement it.
     
    Fred. likes this.
  20. Robust

    Robust Well-Known Member

    Also a problem, Chrome is the only browser supporting U2F...
     
