I'm developing a 2 Factor Authentication Plugin for MyBB 1.8 at the moment. You can download it on
GitHub. After installation you can simply activate the 2 Factor Authentication from your UCP, scan the QR Code and that's it. You're asked to enter a code whenever you try to login either in the frontend or the acp. Note that the same code won't work twice. Also if you deactivate 2FA in your UCP and then reactivate it you need to rescan the QR Code as the secret key changes then.
What is left to do:
- Use the language system, atm only short placeholder texts are used
Feel free to report any issues or post any suggestions.
Is possible to activate only for some users? Or users settign is there?
No and I won't add this. If you're concerned enough about security to add a plugin like this you should be concerned about all users.
(2014-11-02, 07:56 PM)Jones H Wrote: [ -> ]Note that the same code won't work twice.
Does that mean you're using the use-based tokens (Need to increment each use), not the time-based ones?
Anyway, totally interested in this.
I'm using time based codes, but after you entered one you can't use it again (eg logging into the frontend and then directly to the acp with the same one)
So users are forced to use this or is it optional for each one?
(2014-11-02, 07:56 PM)Jones H Wrote: [ -> ]After installation you can simply activate the 2 Factor Authentication from your UCP
Well, it is confusing. Thanks nonetheless.
(2014-11-03, 07:20 PM)Eldenroot Wrote: [ -> ]Is possible to activate only for some users? Or users settign is there?
(2014-11-03, 07:27 PM)Jones H Wrote: [ -> ]No and I won't add this. If you're concerned enough about security to add a plugin like this you should be concerned about all users.
I understood his post as user(group) setting to disallow certain groups the use of 2FA (like "only this groups can use 2FA").
Unsure how you get "group" from his use of the word "user".
Anyways, I agree a per group permission would be kind of useless if you have privacy and security first on mind.