Welcome to Our Community

Registration on our forums are now open for some days! Feel free to sign up today.

[Free Add-on ] [FreddysHouse] Two-factor Authentication 1.3.3

Add two-factor authentication to your community.

  1. XenForo Rocks
    Compatible XF Versions:
    • 1.2
    • 1.3
    Creative Commons Attribution 3.0 Unported (CC BY 3.0), GNU General Public License and MIT license
    This add-on provides XenForo with two-factor authentication using Google's Authenticator app or Yubico YubiKeys.

    The idea behind multi-factor authentication is that you don't rely on just a password to login - instead you require (at least) two of these:
    • Something the user knows (their password).
    • Something the user has (a YubiKey, the Google Authenticator app on their smartphone).
    • Something the user is (a fingerprint, not used in this add-on).
    If a hacker is able to gain access to the user's password (e.g. a bad person installs a key logger on the user's computer) they are still not able to log in without physical access to the two-factor device.

    I recommend also installing [FreddysHouse] Logger, this add-on will log useful information only if that add-on is installed.

    The add-on has the following features:
    • Supports Google Authenticator time-based keys.
    • Supports Yubico YubiKeys.
    • Controlled by permissions.
    • Trophy criteria for users that are using two-factor authentication.
    • Provides detailed logging for admins (if [FreddysHouse] Logger is installed).
    • Provides additional security for your community & also protects your admin control panel.
    • Supports lost keys (works in the same way as a lost password, emails the user for validation and disables two-factor authentication for the user if they click a link in the email).

    Upload the contents of the upload directory to your XenForo directory. Install the add-on XML using the control panel.

    Once installed, go to the 'Home' tab, then click 'Install Method' from the 'Two-factor Authentication' section of the menu (if you cannot see the 'Two-factor Authentication' section please give yourself the 'Manage two-factor authentication' admin permission).

    Select the XML file of the method you wish to install (e.g. twofactor-GoogleAuthenticator.xml for Google Authenticator). You can repeat this to install different methods.

    Once you've added a method you should then configure the permissions. There are two permissions you can configure:

    • Use two-factor authentication. This lets you control which users are able to use two-factor authentication.
    • Maximum two-factor keys. Configure how many keys a user can have.
    Yubico Yubikey authentication requires an API key in order to communicate with the Yubico authentication servers. You can get an API key from them here(you need to own a YubiKey to generate an API key).


    A special two-factor section has been added to the 'Your Account' section of XenForo. From here users can view, add and remove two-factor authentication keys.

    This add-on uses jQuery.qrcode by Lars Jung.

    Funded by and developed for FreddysHouse (http://www.freddyshouse.com).
    bobefer, nick97, XXvevo and 4 others like this.
  • About Us

    Our community has been around for many years and pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. We are working every day to make sure our community is one of the best.
  • Like us on Facebook

  • Buy us a beer!

    The management works very hard to make sure the community is running the best software, best designs, and all the other bells and whistles. Care to buy us a beer? We'd really appreciate it!

    Donate to us!