This add-on provides XenForo with two-factor authentication using Google's Authenticator app or Yubico YubiKeys.
- Compatible XF Versions:
- Creative Commons Attribution 3.0 Unported (CC BY 3.0), GNU General Public License and MIT license
The idea behind multi-factor authentication is that you don't rely on just a password to login - instead you require (at least) two of these:
If a hacker is able to gain access to the user's password (e.g. a bad person installs a key logger on the user's computer) they are still not able to log in without physical access to the two-factor device.
- Something the user knows (their password).
- Something the user has (a YubiKey, the Google Authenticator app on their smartphone).
- Something the user is (a fingerprint, not used in this add-on).
I recommend also installing [FreddysHouse] Logger, this add-on will log useful information only if that add-on is installed.
The add-on has the following features:
- Supports Google Authenticator time-based keys.
- Supports Yubico YubiKeys.
- Controlled by permissions.
- Trophy criteria for users that are using two-factor authentication.
- Provides detailed logging for admins (if [FreddysHouse] Logger is installed).
- Provides additional security for your community & also protects your admin control panel.
- Supports lost keys (works in the same way as a lost password, emails the user for validation and disables two-factor authentication for the user if they click a link in the email).
Upload the contents of the upload directory to your XenForo directory. Install the add-on XML using the control panel.
Once installed, go to the 'Home' tab, then click 'Install Method' from the 'Two-factor Authentication' section of the menu (if you cannot see the 'Two-factor Authentication' section please give yourself the 'Manage two-factor authentication' admin permission).
Select the XML file of the method you wish to install (e.g. twofactor-GoogleAuthenticator.xml for Google Authenticator). You can repeat this to install different methods.
Once you've added a method you should then configure the permissions. There are two permissions you can configure:
Yubico Yubikey authentication requires an API key in order to communicate with the Yubico authentication servers. You can get an API key from them here(you need to own a YubiKey to generate an API key).
- Use two-factor authentication. This lets you control which users are able to use two-factor authentication.
- Maximum two-factor keys. Configure how many keys a user can have.
A special two-factor section has been added to the 'Your Account' section of XenForo. From here users can view, add and remove two-factor authentication keys.
This add-on uses jQuery.qrcode by Lars Jung.
Funded by and developed for FreddysHouse (http://www.freddyshouse.com).
- Related Resources: