1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Unmaintained [FreddysHouse] Two-factor Authentication 1.3.3

Add two-factor authentication to your community.

  1. SheepCow

    SheepCow Well-Known Member

    SheepCow submitted a new resource:

    [FreddysHouse] Two-factor Authentication (version 1.1.2) - Add two-factor authentication to your community.

    Read more about this resource...
     
    t0fx and faeronsayn like this.
  2. The Forum Heroes

    The Forum Heroes Well-Known Member

  3. SheepCow

    SheepCow Well-Known Member

    The thought had crossed my mind but I don't think they've released how it works (how to work out the secret and generate the keys from the secret) - I suspect it's similar though.

    If you know of any other popular authenticators let me know, it's relatively easy to add more. The implementation code is separated out to allow for new methods (although templates and phrases are still coupled to the add-on so it's not as easy as I'd like yet!)
     
    The Forum Heroes likes this.
  4. The Forum Heroes

    The Forum Heroes Well-Known Member

    I'm starting a WoW forum soon, this would be amazing for it.
     
  5. MasterPiece

    MasterPiece Active Member

    Wow Thank you very much its worked as stated Love it. Keep Up the good work :)
     
  6. SheepCow

    SheepCow Well-Known Member

  7. faeronsayn

    faeronsayn Well-Known Member

    I've got this installed and I'm a little confused as to how I am suppose to get the API keys for Yubico.

    I've gone here: https://upgrade.yubico.com/getapikey/ but they are asking me for an email and a password, yet I haven't registered an account with them. Where would I go about registering an account with them?
     
  8. MasterPiece

    MasterPiece Active Member

    you need to actually buy a key at the store https://store.yubico.com/
     
    faeronsayn likes this.
  9. sonnb

    sonnb Well-Known Member

    Very interesting.
     
  10. SheepCow

    SheepCow Well-Known Member


    MasterPiece is correct, to get an API key the "one time password" (OTP) it asks for is generated by the physical YubiKey - so you need to own one to get an API key.

    The YubiKey is basically a USB stick with a button on it, press the button and it types an line of text (a counter-based one time password) in for you. The add-on then checks with the Yubico servers to see if the key is valid and that it hasn't been used before.
     
    MasterPiece and faeronsayn like this.
  11. Anthony Parsons

    Anthony Parsons Well-Known Member

    When I go into the account settings page for this, it is "on" by default. Does that mean it will ask for a key when none is installed, or is it not "on" until the user installs their key?
     
  12. SheepCow

    SheepCow Well-Known Member


    It's on by default, but until the user adds a key (e.g. attaches a Google Authenticator) it won't actually have any affect
     
    Anthony Parsons likes this.
  13. sonnb

    sonnb Well-Known Member

  14. SheepCow

    SheepCow Well-Known Member


    Ooh do you mean timezone?

    edit: ah no that won't affect it.
     
  15. SheepCow

    SheepCow Well-Known Member

    Your gadget and the server must both have the same time, i.e. the correct time - you can tweak the settings to allow it to cope with a bigger clock error (by default it allows it to be 2x the period (60 seconds) out).
     
  16. Anthony Parsons

    Anthony Parsons Well-Known Member

    I was going to say, my server is set to LA time and my phone to Melbourne, Australia time, and it worked for me. If both are showing the correct difference, then both should be showing the correct time.
     
  17. SheepCow

    SheepCow Well-Known Member

    Sorry I should have been clearer when I said "the correct time", it's using UTC for time so as long as you're time is correct for whereever you are it's all gravy :)
     
    MasterPiece likes this.
  18. sonnb

    sonnb Well-Known Member

    Maybe because of it. Because the phone and the server was 2 minutes different (same timezone). Thanks.
     
  19. dvsDave

    dvsDave Well-Known Member

    How does it handle logins when you use an external app like Tapatalk to browse and interact with the system?
     
  20. SheepCow

    SheepCow Well-Known Member


    From what I can see in the Tapatalk code, they've mostly re-written the XenForo login for their API stuff so it should be unaffected (which means they get no added security benefits too)
     
    dvsDave likes this.

Share This Page