Page 1 of 1

Two factor authentication (2FA)

Posted: Mon Sep 11, 2017 9:22 pm
by tojag
Add support for the two factor authentication in phpBB forum.
2FA is the standard now. Wordpress, Joomla, others have it. Google authenticator or similar is a proven tool.
It's time to build it in phpBB to provide better users protection.

Re: Two factor authentication (2FA)

Posted: Tue Sep 12, 2017 9:44 pm
by WelshPaul
Been using Two factor authentication (2FA) (Via extension) on my forum for a year or more now. I agree, it should be built in to phpBB as standard.

Re: Two factor authentication (2FA)

Posted: Sat Sep 23, 2017 10:42 am
by david63
Don't have a problem with it as such, just as long as it is a user option.

Re: Two factor authentication (2FA)

Posted: Tue Oct 03, 2017 10:10 am
by ukautoforums
Yes, opt in for users. Ability to use something like Google Authentication app.

Would be ideal for admin accounts and moderator accounts.

Re: Two factor authentication (2FA)

Posted: Thu Feb 08, 2018 9:01 pm
by tojag
It should be option for users, of course but built in phpbb. Now, I am using Google Authenticator in joomla sites and Direct Admin panel.

Re: Two factor authentication (2FA)

Posted: Tue Feb 20, 2018 11:35 am
by Bermudez
WelshPaul wrote:
Tue Sep 12, 2017 9:44 pm
Been using Two factor authentication (2FA) (Via extension) on my forum for a year or more now. I agree, it should be built in to phpBB as standard.
Please, Where can I find that extension?

Regards.

Re: Two factor authentication (2FA)

Posted: Tue Feb 20, 2018 3:15 pm
by warmweer
Bermudez wrote:
Tue Feb 20, 2018 11:35 am
WelshPaul wrote:
Tue Sep 12, 2017 9:44 pm
Been using Two factor authentication (2FA) (Via extension) on my forum for a year or more now. I agree, it should be built in to phpBB as standard.
Please, Where can I find that extension?

Regards.
Did you search?
viewtopic.php?f=456&t=2341856

Re: Two factor authentication (2FA)

Posted: Tue Feb 20, 2018 4:15 pm
by Bermudez
warmweer wrote:
Tue Feb 20, 2018 3:15 pm
Bermudez wrote:
Tue Feb 20, 2018 11:35 am
WelshPaul wrote:
Tue Sep 12, 2017 9:44 pm
Been using Two factor authentication (2FA) (Via extension) on my forum for a year or more now. I agree, it should be built in to phpBB as standard.
Please, Where can I find that extension?

Regards.
Did you search?
viewtopic.php?f=456&t=2341856
I think I hurried for ask before search.
Sorry and thanks.

Re: Two factor authentication (2FA)

Posted: Sat Mar 17, 2018 11:18 am
by Scanialady
david63 wrote:
Sat Sep 23, 2017 10:42 am
Don't have a problem with it as such, just as long as it is a user option.
...and if you are not forced to use a data octopus for it. What about the old school way to put in an Q&A or phone number or any kind of normal things we don't need Google, Facebook or NSA for?

Re: Two factor authentication (2FA)

Posted: Mon Jun 11, 2018 9:59 am
by tojag
Starting from v.4.8, phpMyAdmin supports 2FA. I use it.
So, now I have 2FA in the Direct Admin Panel, phpMyAdmin, Joomla. Only phpBB remained in my system without this security :(

Re: Two factor authentication (2FA)

Posted: Sun Dec 29, 2019 6:21 pm
by Tarantino
I can agree this is a good idea, to have included or as extension. But either way it should have an option to trust the device for x time. So we're not obliged to always fill the TFA every time we logged in with our device that we trust.

Re: Two factor authentication (2FA)

Posted: Tue Dec 31, 2019 4:31 am
by 2600
I'd like the ability to use the one, really decent 2FA I use and that is Authy. I use Authy for everything and if SMS is the only option then I use that as well. SMS is not ideal, but better then nothing. But by in large, 99% of all the websites I use that offer 2FA I use Authy. I have the Authy App in my phone and computers. I even put Authy in a Windows 7 VMware image and wrote that image to Blu-ray. :ugeek:

Re: Two factor authentication (2FA)

Posted: Tue Dec 31, 2019 3:14 pm
by Tarantino
Well, Auhty or Google Authenticator is the same thing, the purpose is only to provide you the key.

I am using a 2FA solution and it works with Google Auth and Authy, only thing my solution needs is to be able to make the device trusted for x time.
Thats why I enforce that idea in the case this idea goes ahead. Because many users would ask the same. Orelse it is not "usable" at all for the day-joe-life

Re: Two factor authentication (2FA)

Posted: Fri Jan 24, 2020 8:26 am
by tojag
The PSD2 directive (for payments) has been operating in the EU for several months. 2FA is common, we meet it every day and everywhere, but not in phpbb :( It is sad. I can understand the lack of human resources in the phpbb community to accomplish this task or maybe the lack of knowledge but I don't understand avoiding the topic.