Author Topic: Two Factor Authentication in SMF 2.1 (Read 43286 times)

Dragooon · « **on:** December 03, 2014, 03:05:27 PM »

Hello all!

It's been a steady two weeks since we released the first beta of SMF 2.1 and since then we've had mostly positive feedback I think, we have fixed a few bugs and did a few improvements marching towards Beta 2 and a part of that was Two-Factor Authentication which I implemented over last week.

Two Factor Authentication adds an additional layer of security over your usual username and password, it works by pairing a device using a compatible app to your account which would then be required whenever you wish to log-in again into the forums. This allows security against those who even managed to steal your username/password, blocking them off as long as they don't have the paired device. For more technical details of the implementation, have a look at the original pull request. SMF 2.1 is compatible with apps listed on the Wikipedia entry here, allowing you to pair with any one app of your preference.

Admins get the option to disable, enable (default) and force 2FA for all users. Although I personally would not recommend forcing 2FA for all since it does require a separate dedicated device but if you wish for that, the option is available. If you're impatient you can checkout GitHub master right now and see it in action (Not recommended for production) or wait for Beta 2 and further releases. With SMF 2.1 we have juiced up the security by a good margin, hopefully you'll like that.

I've attached a few screenshots of it in action, subject to change. These are from the latest build as of this post and I was using Authy for Android as a client but I couldn't take it's screenshots since it wouldn't allow me.

Thank you!

vbgamer45 · « **Reply #1 on:** December 03, 2014, 03:09:09 PM »

Nice! Great idea thanks for adding it to 2.1 first forum software that I know of that has it!

Arantor · « **Reply #2 on:** December 03, 2014, 03:19:13 PM »

Very much approve of implementing TOTP 2FA.

Kindred · « **Reply #3 on:** December 03, 2014, 03:51:59 PM »

excellent job, dev folks!

CountryLady · « **Reply #4 on:** December 04, 2014, 03:58:30 AM »

Sweet~! Many Thanks to the Team.

Colin · « **Reply #5 on:** December 04, 2014, 04:10:12 AM »

Great!!

engrz · « **Reply #6 on:** December 04, 2014, 04:18:04 AM »

that is wonderful and secure

ziycon · « **Reply #7 on:** December 04, 2014, 04:58:58 AM »

Fair play, I'm liking security being given the attention it deserves.

Deaks · « **Reply #8 on:** December 04, 2014, 11:59:48 AM »

sounds good specially for any user with advanced access of any form that can be a potential security issue

saosangmo · « **Reply #9 on:** December 07, 2014, 12:26:39 PM »

Love you so much. I have used SMF for 8 years and this is the best software in security.

Masterd · « **Reply #10 on:** January 01, 2015, 04:48:34 PM »

Excellent news! SMF is really moving in the right direction.

Antes · « **Reply #11 on:** January 01, 2015, 04:55:32 PM »

Perfect to see security improvements in software.

Quote from: saosangmo on December 07, 2014, 12:26:39 PM

Love you so much. I have used SMF for 8 years and this is the best software in security.

We love you too for being with us for such long time

Powerbob · « **Reply #12 on:** January 02, 2015, 10:17:06 AM »

Well done, great news

karlbenson · « **Reply #13 on:** January 02, 2015, 01:44:11 PM »

Looking forward to it!

stmaxx · « **Reply #14 on:** January 21, 2015, 06:52:19 PM »

sorry I'm late, BUT this looks Great!

regards,
maxx

hadesflames · « **Reply #15 on:** March 01, 2015, 08:09:36 PM »

I see the admin is able to force 2FA on everyone. I can see how that might be useful, depending on the type of forum you're running. But what would be even more useful is to be able to force 2FA on certain membergroups. For example, I wouldn't force it on all members on my forums, but I certainly would force it on Admins. I might also consider forcing it on membergroups with a lot of permissions, like global mods. So, I think an important feature to add would be to allow forcing of 2FA on different membergroups.

Kindred · « **Reply #16 on:** March 02, 2015, 06:45:15 AM »

unlikely to happen as a core feature....

that's a fairly niche request

Steve · « **Reply #17 on:** March 02, 2015, 09:05:40 AM »

That's a shame. This is the first time I've read this thread and I thought the same thing as hadesflames ... it would be even better to force it on certain membergroups instead of or in addition to being able to select everyone.

Arantor · « **Reply #18 on:** March 02, 2015, 05:33:35 PM »

I'd be in favour of it as a core feature.

CoreISP · « **Reply #19 on:** March 03, 2015, 05:53:21 PM »

I can understand the need for such a feature, both from a perspective of security as user friendliness.
I'd be in favor as well. Up to the devs though.

News:

Author Topic: Two Factor Authentication in SMF 2.1 (Read 43286 times)