It's been a steady two weeks since we released the first beta of SMF 2.1 and since then we've had mostly positive feedback I think, we have fixed a few bugs and did a few improvements marching towards Beta 2 and a part of that was Two-Factor Authentication which I implemented over last week.
Two Factor Authentication adds an additional layer of security over your usual username and password, it works by pairing a device using a compatible app to your account which would then be required whenever you wish to log-in again into the forums. This allows security against those who even managed to steal your username/password, blocking them off as long as they don't have the paired device. For more technical details of the implementation, have a look at the original pull request
. SMF 2.1 is compatible with apps listed on the Wikipedia entry here
, allowing you to pair with any one app of your preference.
Admins get the option to disable, enable (default) and force 2FA for all users. Although I personally would not recommend forcing 2FA for all since it does require a separate dedicated device but if you wish for that, the option is available. If you're impatient you can checkout GitHub master
right now and see it in action (Not recommended for production
) or wait for Beta 2 and further releases. With SMF 2.1 we have juiced up the security by a good margin, hopefully you'll like that.
I've attached a few screenshots of it in action, subject to change. These are from the latest build as of this post and I was using Authy for Android
as a client but I couldn't take it's screenshots since it wouldn't allow me.