2013-07-28, 06:12 AM
Introduction:
On my forum me and my system admin are obsessed with security and one security feature we love is two step auth. This requires a hacker to have physical access to a users phone to actually access the account. Which on random attacks is very unlikely.
Current development:
We know there is already a 2 step auth plugin on this site however that is what we based ours on (full code rewritten) and that plugin only allows admin's to use the feature (could be adapted but that requires effort) and manual file edits are needed. Ours will be an optional (or forced depending on admin config) extra layer of security for user accounts.
Installation:
We wanted something EASY - you guys love EASY. So this is how easy the installation is... Upload files to FTP - Install and Activate from AdminCP - Configure from AdminCP. You are then set to go.
Features:
*Some of these may be removed form final release - however feel free to suggest any you might want*
- Full support for iOS and Android
- RSA encrypted strings (In Database)
- No sensitive information needed - no numbers etc
- Select which usergroups can use the feature
- Optional email based 2StepAuth (If users do not have smart phones - although it's not as good as the QR scanner , it is at least something)
- Optional force onto users
- Opt in and out from UserCP
- Friendly first time popup for all users explainign 2StepAuth & how to use it
- User viewable auth'd I.P's - meaning once you whitelist an I.p in the UserCP - you no longer need to scan the QR code on that I.P
- FREE! - For to download and free to use!
- "Force reset all user secrets" button incase the sites database is hacked.
Vulnerability testing:
I don't want my site hacked or yours hacked through bad coding - thus before release Jesse Labrocca has agreed to check our code for vulnerabilities. We feel this will made it as safe as possible - of course if he misses anything and you guys spot anything we will actively develop the plugin to fix them.
Questions? Concerns? Comments?
-Kieran/SirGravzy & JariZ
On my forum me and my system admin are obsessed with security and one security feature we love is two step auth. This requires a hacker to have physical access to a users phone to actually access the account. Which on random attacks is very unlikely.
Current development:
We know there is already a 2 step auth plugin on this site however that is what we based ours on (full code rewritten) and that plugin only allows admin's to use the feature (could be adapted but that requires effort) and manual file edits are needed. Ours will be an optional (or forced depending on admin config) extra layer of security for user accounts.
Installation:
We wanted something EASY - you guys love EASY. So this is how easy the installation is... Upload files to FTP - Install and Activate from AdminCP - Configure from AdminCP. You are then set to go.
Features:
*Some of these may be removed form final release - however feel free to suggest any you might want*
- Full support for iOS and Android
- RSA encrypted strings (In Database)
- No sensitive information needed - no numbers etc
- Select which usergroups can use the feature
- Optional email based 2StepAuth (If users do not have smart phones - although it's not as good as the QR scanner , it is at least something)
- Optional force onto users
- Opt in and out from UserCP
- Friendly first time popup for all users explainign 2StepAuth & how to use it
- User viewable auth'd I.P's - meaning once you whitelist an I.p in the UserCP - you no longer need to scan the QR code on that I.P
- FREE! - For to download and free to use!
- "Force reset all user secrets" button incase the sites database is hacked.
Vulnerability testing:
I don't want my site hacked or yours hacked through bad coding - thus before release Jesse Labrocca has agreed to check our code for vulnerabilities. We feel this will made it as safe as possible - of course if he misses anything and you guys spot anything we will actively develop the plugin to fix them.
Questions? Concerns? Comments?
-Kieran/SirGravzy & JariZ