Really nice plugin but without recovery codes it is quite risky
I will wait for next release (I know my users
)
You can always disable 2FA with setting the "secret" column of the "users" table to an empty string
But recovery codes are planned though I'll wait until Pirata implemented 2FA for the ACP.
what would cause someones code to not work anymore?
The secret token is only modified after deactivating and reactivating 2FA. You can disable 2FA for that user by clearing the "secret" colummn of the users table (of course only for that user). Things like recovery codes and disabling via ACP are planned for the next version though.
Just exploring how many options I missed on 1.8.
Hided the plugin from the mods site as there are conflicts with MyBB 1.8.4 which added 2FA for the ACP too.
when will this addon be back?
It'll take quite some time as I need to rewrite it completly. However as the ACP has already 2FA by default this hasn't any priority.
ACP only has PIN thingy but i still recommend this 2FA anyway instead of PIN so each user must use google auth app or so to get their own current code that is vaild 60 seconds or so.
(2015-06-09, 12:08 PM)JonesĀ H Wrote: [ -> ]It'll take quite some time as I need to rewrite it completly. However as the ACP has already 2FA by default this hasn't any priority.
Is 2FA for all accounts not a viable idea for core integration in 1.8*? You guys spent the time integrating it for the AdminCP so I was a little surprised that with the architecture in place you didn't add it as an option for all users on login also.