PDA

View Full Version : Major Additions - Infinity: Dual Authentication LITE


ENZO-F
01-13-2012, 11:00 PM
The ultimate solution in vBulletin site security!

vBulletin 4.1.9 or higher is REQUIRED.
Please PM me regarding pro version, site isn't currently ready. :p

Dual Authentication is the ultimate solution in vBulletin security and provides secondary authentication measures to user logins and control panel logins. When this is enabled and you login, it comes up with a prompt to enter your second authentication option. Here you must enter a second password which is AES encrypted in the database after being hashed, this eliminates the risk of MySQL injection getting the second password and makes it much harder for a hacker to get into your site (practically impossible).

If you have the pro version, the email one-time password option will send you a 6-digit code that you must enter at the prompt to login, this code changes at every login. The YubiKey option uses the keys found at http://yubico.com to authenticate you, this is the most secure as you must have the actual key. You can also configure the plugin to be used on the control panel only.

Authentication Methods:
- Secondary Password
- Email One-Time Key (Pro Version)
- YubiKey (Pro version)

Features:
- UserCP Dual Authentication Management
- Allow users to retrieve account if they have forgotten secondary authentication information
- Per-Usergroup Authentication Permissions
- Control Panel only option (Pro Version)

Branding free is available, PM me for more information.

Installation Instructions:
1. Upload all files in the upload folder.
2. Upload the product xml into vBulletin.
3. Configure to your liking.

------------------------------------------------------------------------------------------------------
Known Issues
------------------------------------------------------------------------------------------------------
- None.

Please Mark as Installed if you have actually installed this modification and nominate as MoTM!

nickk96
01-14-2012, 11:16 PM
fgt

tafreeh
01-15-2012, 02:15 AM
how much is for pro version and where can we get pro version from ?

Mr_Running
01-15-2012, 02:34 AM
ENZO_F
said :)
Please PM me regarding pro version, site isn't currently ready.
Branding free is available, PM me for more information

Rich
01-15-2012, 04:42 AM
I am trying to figure out where you are going with this other than as a means to get a few bucks in your pocket. When you say it increases site security, what exactly do you mean and how exactly does it make the site more secure. I am always interested in making my site more secure but I don't understand how this will do that since the description doesn't say much.

ENZO-F
01-15-2012, 09:57 AM
I am trying to figure out where you are going with this other than as a means to get a few bucks in your pocket. When you say it increases site security, what exactly do you mean and how exactly does it make the site more secure. I am always interested in making my site more secure but I don't understand how this will do that since the description doesn't say much.

When this is enabled and you login, it comes up with a prompt to enter your second authentication option. Here you must enter a second password which is AES encrypted in the database after being hashed, this eliminates the risk of MySQL injection getting the second password and makes it much harder for a hacker to get into your site (practically impossible unless keylogged).

If you have the pro version, the email one-time password will send you a 6-digit code that you must enter at the prompt to login, this code changes at ever login. The YubiKey option uses the keys found at http://yubico.com to authenticate you, this is the most secure as you must have the actual key. :)

ENZO-F
01-15-2012, 10:11 AM
how much is for pro version and where can we get pro version from ?

PM me.

reversedesigns
01-15-2012, 10:43 AM
nice enzo f seen this on ngu works great :)

ForceHSS
01-15-2012, 11:19 AM
do we also upload .DS_Store file and the permissions off dualauth.php is 604 ok

ENZO-F
01-15-2012, 11:23 AM
do we also upload .DS_Store file and the permissions off dualauth.php is 604 ok

You don't need to upload the .DS_Store file and 604 should be alright, unless you use group permissions.

ForceHSS
01-15-2012, 02:25 PM
Control Panel only option (Pro Version)
can you show a screen shot of what this looks like

ENZO-F
01-15-2012, 03:02 PM
Control Panel only option (Pro Version)
can you show a screen shot of what this looks like

It does the same thing, just only on the control panel. Protection where you need it, without disrupting every login. :p

New Joe
01-15-2012, 03:08 PM
How does a member set this second password?

ENZO-F
01-15-2012, 03:09 PM
How does a member set this second password?

UserCP -> Dual Authentication ;)

Rich
01-15-2012, 03:58 PM
Do people really have that many people logging in as other users on their site? I have almost 15k members on my site right now and I haven't had an issue "yet" where people have logged in as another user and my site is several years old. I would think the extra step for authentication via email would actually deter people from registering since nowadays everyone wants quick and fast.

ENZO-F
01-15-2012, 04:05 PM
Do people really have that many people logging in as other users on their site? I have almost 15k members on my site right now and I haven't had an issue "yet" where people have logged in as another user and my site is several years old. I would think the extra step for authentication via email would actually deter people from registering since nowadays everyone wants quick and fast.

It depends on what type of forum you have, as in what your forum is based on.

Rich
01-15-2012, 04:18 PM
Thats a good point. There really is no benefit to logging in as another user on my site. lol

ENZO-F
01-15-2012, 11:45 PM
People usually try it on boards with premium membership or something similar.

BSMedia
01-16-2012, 11:56 PM
I am trying to figure out where you are going with this other than as a means to get a few bucks in your pocket. When you say it increases site security, what exactly do you mean and how exactly does it make the site more secure. I am always interested in making my site more secure but I don't understand how this will do that since the description doesn't say much.

It's going to stop brute force password attempts and thats about it.

Coincidently it can also be stopped by enabling features already in vbulletin. It doesn't make it any harder or easier for a hacker to get in to your site, it won't make your site any more secure. The only thing I see this has is a hinderance and extra step to get your users logged in.

ForceHSS
01-17-2012, 07:01 PM
Removed this as it is causing alot of lag on my site

Markos
03-08-2012, 08:37 AM
Hi ive just installed this last night and the usergoups that don't have permission to use this cant read there pm it says they don't have permission to read there private messages any help ?

Prorockz
11-11-2012, 05:45 PM
anything related to vBulletin 3.8x?

craigvm
06-23-2013, 07:38 AM
Hi ive just installed this last night and the usergoups that don't have permission to use this cant read there pm it says they don't have permission to read there private messages any help ?

i`m sure i had this issue when i tried it

Polaris4ever12
06-28-2013, 02:27 AM
Message me please, or add my skype: Polaris4ever1 I want the pro version, we can talk about this :p

AK47-
07-28-2013, 06:04 PM
Pro version seems promising

davidg
07-28-2013, 07:11 PM
AK47- what are u trying to say with your post ? and if is free why u dont post the url where people can download the mod ?