phpBB Two Factor Authentication
1.0.1
phpBB 3.3.1, 3.2.10
- Released:
- Wed Sep 30, 2020 3:01 pm
- File size:
- 223.79 KiB
-
- Validated for:
- phpBB 3.3.1, 3.2.10
- MD5 checksum:
- 550f6b2e09e8d5b748c978e105ddd530
- Install directory:
- ext/paul999/tfa
- Dependencies:
- ext-json, ext-openssl, marc1706/otp-authenticate, paul999/u2flib-server, paragonie/random_compat
-
Description
-
This extension adds support for the two factor authentication in your phpBB forum.
You can set several options within this extension:
- Disable 2FA completly (Basicly disabling the extension!)
- Do not require 2FA, but give it as option to users
- Require 2FA for users with a_ permissions only, and only to login for the ACP
- Require 2FA for users with a_ permissions only
- Require 2FA for users with a_ or m_ permissions only
- Require 2FA for all users
Depending on the choosen setting 2FA is required at registration (If a new user is registered), or a user is directly asked after login to update his profile with his key.
This extension currently supports the following types of two factor authentication:
- U2F (See below)
- TOTP (For example Google authenticator)
- Backup keys
Requirements:
- At least phpBB 3.2
- openSSL (At least 1.0.0)
- A secure connection (There are no specific requirements for the certificate. A self signed certicate will work as well as a extended validated certificate) if you want to use U2F
Limitations to U2F security keys
Due to limitations set by the U2F standard a secure connection is required. Currently, U2F is only supported in Google Chrome.
Ofcourse the user will also need a U2F compatible security key, for example from Yubico.