Extension Description: This extension adds support for the two factor authentication in your phpBB forum.
You can set several options within this extension:
- Disable 2FA completly (Basicly disabling the extension!)
- Do not require 2FA, but give it as option to users
- Require 2FA for users with a_ permissions only, and only to login for the ACP
- Require 2FA for users with a_ permissions only
- Require 2FA for users with a_ or m_ permissions only
- Require 2FA for all users
This extension currently supports the following types of two factor authentication:
- U2F (See below)
- TOTP (For example Google authenticator)
- Backup keys
This is a very first version of the extension. There are still a few things which need to be fixed. Please test this only locally.
Issues can be reported at github (See below).
Extension Version: 0.0.2
- phpBB 3.1.7RC1 (Or this change: https://github.com/phpbb/phpbb/pull/4004 )
- openSSL (At least 1.0.0)
- A secure connection (There are no specific requirements for the certificate. A self signed certicate will work as well as a extended validated certificate) if you want to use U2F
Demo URL: https://www.phpbb-2fa.com/
Demo Username: Sorry, you need to register yourself for security reasons. This board is partly used as development board, so it might be in a non working condition.
Limitations to U2F security keys
Due to limitations set by the U2F standard a secure connection is required. Currently, U2F is only supported in Google Chrome. Firefox and Edge are working on support U2F as well, once they do support it this extension will be updated.
Ofcourse the user will also need a U2F compatible security key, for example from Yubico.
No Extensions within this forum should be used within a live environment!
Extension Download: https://github.com/paul999/phpbb_2fa/re ... tag/v0.0.2