• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.5 Two-Step Verification and Security Improvements

Not Brogan, nor do I play one on tv, but --

AdminCP > Users > Permissions/Usergroup Permissions > (Select given group) > General Permissions > Require two-step verification (Not Set/No should be fine).

Not sure where else you may have turned this on if you don't have the following checked:
Home > Options > Admin Control Panel > Require two-step verification to access the admin control panel
THAT was the answer I was looking for! Thank you very much. Thank you!
 

Phil

Active member
Hello evryone,

on my side a minority users on our forum don´t like this two steps verifications...Nobody is perfetc ;)

Is there a way to increase this 30 days ?

Thanks.
 

rafass

Well-known member
I hate when other sites ask me about codes to verify my account.
That's reasonable for bank accounts or emails until certain point, but completely unnecessary and annoying to simple boards / websites IMO.
 

melbo

Well-known member
Hello evryone,

on my side a minority users on our forum don´t like this two steps verifications...Nobody is perfetc ;)

Is there a way to increase this 30 days ?

Thanks.
I'm not running 1.5 yet but thought that no one was forced to use 2 step verification and that it was purely optional by members.
 

popowich

Active member
Great security feature! It deserves more than a "like". I turned it on for my mods too and they had no trouble with the setup. Thanks!
 

Robust

Well-known member
I hate when other sites ask me about codes to verify my account.
That's reasonable for bank accounts or emails until certain point, but completely unnecessary and annoying to simple boards / websites IMO.
Actually, a lot of forums are business related and some forum accounts have high trust levels dealing in huge amounts of monetary trades. Security is very important and 2FA should be a standard imo. I just lost a few accounts (stolen by someone) because someone decided to call Indian support teams for this company and get it to them, 2FA might've made the process more complicated but it wasn't offered. Trust me when I say this, you only know that you should've worried more about security when you lose your account permanently.
 

melbo

Well-known member
I hate when other sites ask me about codes to verify my account.
That's reasonable for bank accounts or emails until certain point, but completely unnecessary and annoying to simple boards / websites IMO.
I'm the opposite... I hate it when I don't have the option
 

erich37

Well-known member
Account security has become a hot topic recently.
this might be of interest....

http://techcrunch.com/2016/02/25/ap...nal-edward-snowdens-favorite-secure-chat-app/


Note on two-factor authentication
Because of the weaknesses of the SMS protocol, it’s generally safer to setup two-factor authentication with a YubiKey or TOTP (such as Google Authenticator). Unfortunately, many services don’t let you opt-out of SMS fallback for second factor authentication.

https://www.fredericjacobs.com/blog/2016/01/14/sms-login/

https://whispersystems.org/blog/signal/

https://github.com/FredericJacobs
 
Last edited: