Integration with vBulletin - [DBTech] Two-Factor Authentication (vB4)

Two-Factor Authentication lets you ensure only trusted networks have access to your account, by using your smartphone to validate login attempts from new IP addresses.


Why use Two-Factor Authentication?

The most common form of "hacking" a forum today is someone guessing or in some other way gaining access to the password to an administrator account. Even with password protection on your AdminCP and ModCP directory, irreparable harm can be done with an administrator account without needing to log in to any of these locations. Enabling two-factor authentication ensures that only trusted networks can access the accounts of your staff as well as your members.

Our two-factor authentication mod uses Google Authenticator to pair a member's forum account with their smartphone app. A "Recovery Key" shown on-screen during setup ensures that if a member should ever lose their phone, they can regain access to their account.


-------------------------------------------------------------------------------------------

Other addons available @ www.DragonByte-Tech.com/forum
Support posted at our forum is generally answered much quicker.

-------------------------------------------------------------------------------------------

If you like this mod please hit the button to the right ---->

Please remember to click the, button to the right if you installed the mod ---->

What does 'Marking As Installed' do ?

* It helps you to stay on top of updates - members who have installed modifications will be notified by us whenever new updates are available.

* For security issues - vbulletin.org will contact all members who have installed a modification whenever a security issue is brought to their attention.

* Marking a modification as installed also helps us know how many people are using our work, giving us extra incentive to provide more features and new modifications.

We appreciate the support!

-------------------------------------------------------------------------------------------

Feature List

UserCP Integration

• Adds a "Two-Factor Authentication" link in the UserCP under "My Account"
• Displays a page with a button to activate or deactivate the authenticator

Network Verification

• Logs the IP Address of members who have activated the authenticator
• Asks for verification code for untrusted networks
• Blocks forum, AdminCP and ModCP access attempts from untrusted networks

Google Authenticator

• Uses Google's authenticator to handle the QR barcode and code generation
• Works on Android and iOS
• Recovery Key ensures that if you lose your phone, you can deactivate the authenticator

IP Whitelist

• Adds a new config.php parameter, $config['TwoFactor']['ipwhitelist']
• Whitelists IPs for all accounts for as long as the IP is in config.php
• Follows the same rules as the AdminCP "IP Ban" interface for powerful IP management

General / Other

• Display version number
• Enter your Affiliate ID

-------------------------------------------------------------------------------------------

This mod displays a copyright notification in the footer of all pages which includes:

• 1 Link to DragonByte Technologies homepage
• 1 Link to Product Description page of this modification

[DragonByte Tech]

I am not able to replicate any issues with it, it works perfectly fine @ our site.

Fillip

[Zelda-King]

I've installed it fine on 4.2.5. The only suggestion is a way for it to work per trusted device as those not on a static IP will have to re-authenticate every session.

[Piloux]

One of my users installed it but lost his phone and doesn't have the recovery key.

As the website administrator, is there a way I can remove it from his account?

[Piloux]

One of my users installed it but lost his phone and doesn't have the recovery key.

As the website administrator, is there a way I can remove it from his account?

[z3r0]

Quote:

Originally Posted by Piloux

One of my users installed it but lost his phone and doesn't have the recovery key.

As the website administrator, is there a way I can remove it from his account?

This happened with one of my users a few days ago, I had to remove the values in the dbtech_twofactor_secret & dbtech_twofactor_recovery fields for that user in the user database table to get him back in.

If you post over at dragonbyte's support forum they may have a better way.

[Piloux]

Quote:

Originally Posted by z3r0

This happened with one of my users a few days ago, I had to remove the values in the dbtech_twofactor_secret & dbtech_twofactor_recovery fields for that user in the user database table to get him back in.

If you post over at dragonbyte's support forum they may have a better way.

Alright thanks, so it's in the table users ?

[z3r0]

Yes, I cleared the values in the "dbtech_twofactor_secret" & "dbtech_twofactor_recovery" fields in the "user" table for that member.

[fortforum]

Such a feature would be extremely nice to have access to from admincp.

[Sforums]

Uninstalled.

Using vb 4.1.0 - "Two factor Authentication" nowhere to be seen under "My Account"

[wolfe]

is it possible to make this so it pops up on every login and not just on new IPs ?