[FreddysHouse] Two-factor Authentication

[FreddysHouse] Two-factor Authentication 1.3.3

No permission to download
Overview FAQ Updates (6) Reviews (15) History Discussion
i think i've come across a bug with this plugin and changing your user name.

i don't know if this has anything to do with it, but i changed my user name with the user essentials plugin here:

http://xenforo.com/community/resources/user-essentials-enhanced-version.2142/

after doing so, i got locked out of my website. first, i'd login with the new user name and password, then i would authenticate with the authy passcode, then i get returned to the login page again, with a bad login error message.

this cycle goes infinitely with no possibility to complete the login process until you disable two factor authentication.
 
i now have a yubikey, and i'm unable to get this to work with this plugin. I've configured my client id, api key, etc, but i don't get any option to use my key when logging in, i only get the google authenticator form. disabiling the google authenticator method just lets me login as normal. im not seeing an option to login with my yubikey at all even though it's installed, enabled in group settings, and completely set up as far as i can tell.

what am i doing wrong?
 
dvsDave said:
I enabled 2 Factor Authentication and am now having an issue. For some reason, when I go to login using the header login, it goes to http://www.controlbooth.com/login/login as the url, then it goes to the 2 factor page, and then it brings me to the signup page. Not sure why.

I disable the 2 factor authentication, and poof, the issue goes away. I logged out, then went to the homepage, logged in from the header dropdown, and it worked perfectly.
Click to expand...
I am getting reports of the happening to some people too.

The log shows them passing auth just fine, but it's sending them to the registration page.
 
dvsDave said:
I enabled 2 Factor Authentication and am now having an issue. For some reason, when I go to login using the header login, it goes to http://www.controlbooth.com/login/login as the url, then it goes to the 2 factor page, and then it brings me to the signup page. Not sure why.

I disable the 2 factor authentication, and poof, the issue goes away. I logged out, then went to the homepage, logged in from the header dropdown, and it worked perfectly.
Click to expand...

Scroll down a bit and you'll see the 2FA prompts. I've been confused at this a few times myself.
 
electrogypsy said:
i now have a yubikey, and i'm unable to get this to work with this plugin. I've configured my client id, api key, etc, but i don't get any option to use my key when logging in, i only get the google authenticator form. disabiling the google authenticator method just lets me login as normal. im not seeing an option to login with my yubikey at all even though it's installed, enabled in group settings, and completely set up as far as i can tell.

what am i doing wrong?
Click to expand...

Been using this with multiple yubikeys since it first came out with no issues.
Same with a few of my members. Have you added the added the yubikey .xml as an addon?
Select the XML file of the method you wish to install (e.g. twofactor-GoogleAuthenticator.xml for Google Authenticator). You can repeat this to install different methods.
Click to expand...
 
melbo said:
Been using this with multiple yubikeys since it first came out with no issues.
Same with a few of my members. Have you added the added the yubikey .xml as an addon?
Click to expand...

yep. it's all set up. just doesn't work when i try and use it. it doesn't look like the author is going to be doing any further work on this plugin, so i'm giving up on the yubikey portion.
 
Tried toggling the option to use SSL servers? You can test at the forum in my signature if you'd like.
 
The QR Codes on my site don't work :( The users that want to use this feature have to manually type the Codes in, and its annoying for our staff to get there accounts setup as we require our staff use 2 Factor Authentication, I've modified the QR Code Background to be white, and made the For-Ground of the code Black, cause my Themes background is a very dark grey (Almost Black)
Capture.webp

I have even tried to make the QR code Larger, Smaller ECT, but nothing works it doesn't read it at all.
 
Suggestion:
Adding Email OTP as a failover option, in case they couldn't find their phone or the app got removed.
 
Ablac said:
The QR Codes on my site don't work :( The users that want to use this feature have to manually type the Codes in, and its annoying for our staff to get there accounts setup as we require our staff use 2 Factor Authentication, I've modified the QR Code Background to be white, and made the For-Ground of the code Black, cause my Themes background is a very dark grey (Almost Black)
View attachment 82956

I have even tried to make the QR code Larger, Smaller ECT, but nothing works it doesn't read it at all.
Click to expand...
Give the qr code a background with CSS.

That's what I had to do when I was using this addon.
 
It's compatible with XF 1.4? If i try to attach GA, a have an error: "Failed to validate the code provided".
 
If this addon is not abandoned, please consider the following:
  • You are not prompted for your authenticator token when logging in via social login.
  • 2FA tokens can be turned off without verification of said token if the account is logged into, defeating the purpose of a second ACP check.
I'd much like to see these faults adjusted.
 
I've never seemed to get the "Ignore trusted computers for Admin CP logins" option to work. Whether checked or unchecked I have to enter the code on every admincp login, even if my device is remembered.
 
kontrabass said:
I've never seemed to get the "Ignore trusted computers for Admin CP logins" option to work. Whether checked or unchecked I have to enter the code on every admincp login, even if my device is remembered.
Click to expand...
Same here. I ended up disabling it. This only seems to be in recent months. Prior to that, it always worked fine. Maybe it is not XF 1.3 and/or 1.4 compatible.
 
You should definitely move the two factor field into the login bar, like on DigitalPoint. Is there a way to do this with template edits?

210719.png
 
You must log in or register to reply here.

Similar threads

XDinc
[XTR] Manage Two-step Verification Providers
Replies
1
Views
585
alfaNova
alfaNova
digitalpoint
Password-less login
Replies
16
Views
1K
PaulB
PaulB
Fullmental
  • Question Question
XF 2.2 How to require two-step authentication on every access of ACP?
Replies
2
Views
959
Fullmental
Fullmental
Kruzya
[Telegram] Two Factor [Deleted]
Replies
5
Views
823
Kruzya
Kruzya
digitalpoint
Cloudflare optimizations for XenForo
7 8 9
Replies
175
Views
17K
digitalpoint
digitalpoint
Top Bottom