Two factor authentication (2FA)

https://www.phpbb.com/ideas/
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Two factor authentication (2FA)

Post by tojag »

Add support for the two factor authentication in phpBB forum.
2FA is the standard now. Wordpress, Joomla, others have it. Google authenticator or similar is a proven tool.
It's time to build it in phpBB to provide better users protection.
User avatar
WelshPaul
Registered User
Posts: 420
Joined: Tue Aug 19, 2014 2:09 pm

Re: Two factor authentication (2FA)

Post by WelshPaul »

Been using Two factor authentication (2FA) (Via extension) on my forum for a year or more now. I agree, it should be built in to phpBB as standard.
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: Two factor authentication (2FA)

Post by david63 »

Don't have a problem with it as such, just as long as it is a user option.
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
ukautoforums
Registered User
Posts: 88
Joined: Thu Mar 02, 2017 10:00 am

Re: Two factor authentication (2FA)

Post by ukautoforums »

Yes, opt in for users. Ability to use something like Google Authentication app.

Would be ideal for admin accounts and moderator accounts.
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: Two factor authentication (2FA)

Post by tojag »

It should be option for users, of course but built in phpbb. Now, I am using Google Authenticator in joomla sites and Direct Admin panel.
Bermudez
Registered User
Posts: 171
Joined: Mon Aug 15, 2011 11:56 pm
Location: Spain
Name: Juan Antonio
Contact:

Re: Two factor authentication (2FA)

Post by Bermudez »

WelshPaul wrote: Tue Sep 12, 2017 9:44 pm Been using Two factor authentication (2FA) (Via extension) on my forum for a year or more now. I agree, it should be built in to phpBB as standard.
Please, Where can I find that extension?

Regards.
User avatar
warmweer
Jr. Extension Validator
Posts: 11235
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium
Contact:

Re: Two factor authentication (2FA)

Post by warmweer »

Bermudez wrote: Tue Feb 20, 2018 11:35 am
WelshPaul wrote: Tue Sep 12, 2017 9:44 pm Been using Two factor authentication (2FA) (Via extension) on my forum for a year or more now. I agree, it should be built in to phpBB as standard.
Please, Where can I find that extension?

Regards.
Did you search?
viewtopic.php?f=456&t=2341856
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.


Time flies like an arrow, but fruit flies like a banana.
Bermudez
Registered User
Posts: 171
Joined: Mon Aug 15, 2011 11:56 pm
Location: Spain
Name: Juan Antonio
Contact:

Re: Two factor authentication (2FA)

Post by Bermudez »

warmweer wrote: Tue Feb 20, 2018 3:15 pm
Bermudez wrote: Tue Feb 20, 2018 11:35 am
WelshPaul wrote: Tue Sep 12, 2017 9:44 pm Been using Two factor authentication (2FA) (Via extension) on my forum for a year or more now. I agree, it should be built in to phpBB as standard.
Please, Where can I find that extension?

Regards.
Did you search?
viewtopic.php?f=456&t=2341856
I think I hurried for ask before search.
Sorry and thanks.
User avatar
Scanialady
Registered User
Posts: 421
Joined: Thu Jan 17, 2013 7:09 pm
Location: Germany
Name: Annette
Contact:

Re: Two factor authentication (2FA)

Post by Scanialady »

david63 wrote: Sat Sep 23, 2017 10:42 am Don't have a problem with it as such, just as long as it is a user option.
...and if you are not forced to use a data octopus for it. What about the old school way to put in an Q&A or phone number or any kind of normal things we don't need Google, Facebook or NSA for?
My 2 cents: Whether an extension is in the CDB says nothing about its quality. It is more important to read the support topics for it. Better to avoid authors who do not answer support questions themselves, who do not update their stuff, and who do not fix bugs for years.
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: Two factor authentication (2FA)

Post by tojag »

Starting from v.4.8, phpMyAdmin supports 2FA. I use it.
So, now I have 2FA in the Direct Admin Panel, phpMyAdmin, Joomla. Only phpBB remained in my system without this security :(
Tarantino
Registered User
Posts: 874
Joined: Sat Feb 18, 2012 1:51 pm

Re: Two factor authentication (2FA)

Post by Tarantino »

I can agree this is a good idea, to have included or as extension. But either way it should have an option to trust the device for x time. So we're not obliged to always fill the TFA every time we logged in with our device that we trust.
User avatar
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Two factor authentication (2FA)

Post by 2600 »

I'd like the ability to use the one, really decent 2FA I use and that is Authy. I use Authy for everything and if SMS is the only option then I use that as well. SMS is not ideal, but better then nothing. But by in large, 99% of all the websites I use that offer 2FA I use Authy. I have the Authy App in my phone and computers. I even put Authy in a Windows 7 VMware image and wrote that image to Blu-ray. :ugeek:
Morpheus: Unfortunately, no one can be told what The Matrix is. You'll have to see it for yourself.
Hack me.
Consider a canary token.
The nature of my chosen username
:ugeek:
Tarantino
Registered User
Posts: 874
Joined: Sat Feb 18, 2012 1:51 pm

Re: Two factor authentication (2FA)

Post by Tarantino »

Well, Auhty or Google Authenticator is the same thing, the purpose is only to provide you the key.

I am using a 2FA solution and it works with Google Auth and Authy, only thing my solution needs is to be able to make the device trusted for x time.
Thats why I enforce that idea in the case this idea goes ahead. Because many users would ask the same. Orelse it is not "usable" at all for the day-joe-life
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: Two factor authentication (2FA)

Post by tojag »

The PSD2 directive (for payments) has been operating in the EU for several months. 2FA is common, we meet it every day and everywhere, but not in phpbb :( It is sad. I can understand the lack of human resources in the phpbb community to accomplish this task or maybe the lack of knowledge but I don't understand avoiding the topic.
Wes of StarArmy
Registered User
Posts: 291
Joined: Fri Mar 04, 2005 2:59 am
Location: StarArmy.com
Contact:

Re: Two factor authentication (2FA)

Post by Wes of StarArmy »

It blows my mind that this severely-needed security feature isn't included in the core yet. We know that a ton of people re-use passwords from site to site and if one of your mods or admins uses a site that's breached (which might not notice or announce a breach until months later), 2FA is the only thing stopping people from using the compromised password to get into your forum.
Post Reply

Return to “phpBB Ideas”