Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
[DBTech] Two-Factor Authentication (vB4) Details »
[DBTech] Two-Factor Authentication (vB4)
Mod Version: 1.0.4, by DragonByte Tech (Coder) DragonByte Tech is offline
Developer Last Online: Sep 2019 I like it Show Printable Version Email this Page

vB Version: 4.x.x Rating: (8 votes - 3.88 average) Installs: 78
Released: 04 Mar 2014 Last Update: 19 Dec 2016 Downloads: 425
Supported DB Changes Uses Plugins Additional Files Translations  

Two-Factor Authentication lets you ensure only trusted networks have access to your account, by using your smartphone to validate login attempts from new IP addresses.


Why use Two-Factor Authentication?

The most common form of "hacking" a forum today is someone guessing or in some other way gaining access to the password to an administrator account. Even with password protection on your AdminCP and ModCP directory, irreparable harm can be done with an administrator account without needing to log in to any of these locations. Enabling two-factor authentication ensures that only trusted networks can access the accounts of your staff as well as your members.

Our two-factor authentication mod uses Google Authenticator to pair a member's forum account with their smartphone app. A "Recovery Key" shown on-screen during setup ensures that if a member should ever lose their phone, they can regain access to their account.


-------------------------------------------------------------------------------------------

Other addons available @ www.DragonByte-Tech.com/forum
Support posted at our forum is generally answered much quicker.

-------------------------------------------------------------------------------------------

If you like this mod please hit the button to the right ---->

Please remember to click the, button to the right if you installed the mod ---->

What does 'Marking As Installed' do ?

* It helps you to stay on top of updates - members who have installed modifications will be notified by us whenever new updates are available.

*
For security issues - vbulletin.org will contact all members who have installed a modification whenever a security issue is brought to their attention.

* Marking a modification as installed also helps us know how many people are using our work, giving us extra incentive to provide more features and new modifications.

We appreciate the support!

-------------------------------------------------------------------------------------------

Feature List

UserCP Integration
  • Adds a "Two-Factor Authentication" link in the UserCP under "My Account"
  • Displays a page with a button to activate or deactivate the authenticator

Network Verification
  • Logs the IP Address of members who have activated the authenticator
  • Asks for verification code for untrusted networks
  • Blocks forum, AdminCP and ModCP access attempts from untrusted networks

Google Authenticator
  • Uses Google's authenticator to handle the QR barcode and code generation
  • Works on Android and iOS
  • Recovery Key ensures that if you lose your phone, you can deactivate the authenticator

IP Whitelist
  • Adds a new config.php parameter, $config['TwoFactor']['ipwhitelist']
  • Whitelists IPs for all accounts for as long as the IP is in config.php
  • Follows the same rules as the AdminCP "IP Ban" interface for powerful IP management

General / Other
  • Display version number
  • Enter your Affiliate ID


-------------------------------------------------------------------------------------------

This mod displays a copyright notification in the footer of all pages which includes:
  • 1 Link to DragonByte Technologies homepage
  • 1 Link to Product Description page of this modification

Download Now

Only licensed members can download files, Click Here for more information.

Screenshots

Click image for larger version

Name:	305.jpg
Views:	937
Size:	39.9 KB
ID:	148338   Click image for larger version

Name:	306.jpg
Views:	1157
Size:	38.7 KB
ID:	148339  

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Similar Mod
Mod Developer Type Replies Last Post
X-Factor Sean James vBulletin 3.8 Styles 6 14 Aug 2012 03:03
X-Factor Sean James vBulletin 3.6 Styles 20 11 Mar 2009 13:03
X-Factor Sean James vBulletin 3.5 Styles 40 17 Apr 2007 12:52

  #16  
Old 09 Apr 2014, 14:23
Delphiprogrammi Delphiprogrammi is offline
 
Join Date: Feb 2004
Real name: Erik
Hi,

Problem solved it seems this hack uses a DB table to verify ip addresses if your ip is verified no twofactor code is being asked however if you try to login with another computer (that has another ip) a verification code will be asked)
Reply With Quote
  #17  
Old 10 Apr 2014, 21:02
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
Originally Posted by Delphiprogrammi View Post
Oops yes 4.2.2 PL 1 i install it like this
  1. upload the "dbtech" folder to public_html
  2. import the product XML via vBulletin productmanager
  3. goto domain.com/vbpath/profile.php?do=twofactor&action=enable
  4. Save the recovery key and scan the QR and save to Google Authenticator => click save
after that i logout to see if it works but i can login with my username and password and no verification code is being asked.When i goto to profile.php?do=twofactor again then a verification is asked strange if you ask me.
Originally Posted by Delphiprogrammi View Post
Hi,

Problem solved it seems this hack uses a DB table to verify ip addresses if your ip is verified no twofactor code is being asked however if you try to login with another computer (that has another ip) a verification code will be asked)
Correct

Originally Posted by iraqiboy90 View Post
Nice plugin

Could sound silly, but what is the following:

Permissions
  • Can View
  • Can Add User Channel
Sorry, that was a copy/paste mistake. It's been removed from the description.


Fillip
__________________
www.Dragonbyte-tech.com
Please support our mods by nominating them to MOTM!
Please do NOT PM us for support. Private Messages are only for exchanging sensitive details (like FTP / AdminCP logins).
Reply With Quote
  #18  
Old 14 Apr 2014, 17:19
iraqiboy90 iraqiboy90 is offline
 
Join Date: Sep 2012
Users are complaining that on phone devices the website will re-direct them back to the validation code on login after they have already submitted it.

i.e.
1. They login; username & password
2. Validation code.
3. Validation code accepted, and redirects them back to "2."

I've received this complaint regarding iPads and iPhones.
I have tested myself with iPad, but no problems.

I will still continue to test and gather more info.
Reply With Quote
  #19  
Old 14 Apr 2014, 17:40
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Real name: Zachery Woods
I suspect their wireless providers have an IP changing on every page request, which would make it difficult to validate properly.

Might need a cookie set so the IP doesn't have to match.
__________________
Looking for ImpEx?
Reply With Quote
  #20  
Old 16 Apr 2014, 14:54
iraqiboy90 iraqiboy90 is offline
 
Join Date: Sep 2012
Originally Posted by Zachery View Post
I suspect their wireless providers have an IP changing on every page request, which would make it difficult to validate properly.

Might need a cookie set so the IP doesn't have to match.
That would be nice. Or a device ID based authorization?
http://twofactorauth.org/providers/

SecureAuth seems to be the best one, but I'm still searching on how to implement it on vbulletin....
Reply With Quote
  #21  
Old 26 Apr 2014, 00:23
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
We'll be looking at future authentication providers in the future


Fillip
__________________
www.Dragonbyte-tech.com
Please support our mods by nominating them to MOTM!
Please do NOT PM us for support. Private Messages are only for exchanging sensitive details (like FTP / AdminCP logins).
Reply With Quote
  #22  
Old 02 May 2014, 23:56
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
Two-Factor Authentication v1.0.2

New Features Added:

IP Whitelist
  • Adds a new config.php parameter, $config['TwoFactor']['ipwhitelist']
  • Whitelists IPs for all accounts for as long as the IP is in config.php
  • Follows the same rules as the AdminCP "IP Ban" interface for powerful IP management


Fillip
__________________
www.Dragonbyte-tech.com
Please support our mods by nominating them to MOTM!
Please do NOT PM us for support. Private Messages are only for exchanging sensitive details (like FTP / AdminCP logins).
Reply With Quote
  #23  
Old 03 May 2014, 15:09
imported_silkroad imported_silkroad is offline
 
Join Date: Dec 2003
Will this (potentially) install and work for vB 3.8.X forums?
Reply With Quote
  #24  
Old 03 May 2014, 15:37
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
Unfortunately not, as the templates are made with vB4 syntax, as are the calls to the template. Sorry


Fillip
__________________
www.Dragonbyte-tech.com
Please support our mods by nominating them to MOTM!
Please do NOT PM us for support. Private Messages are only for exchanging sensitive details (like FTP / AdminCP logins).
Reply With Quote
  #25  
Old 07 May 2014, 14:09
iraqiboy90 iraqiboy90 is offline
 
Join Date: Sep 2012
Originally Posted by DragonByte Tech View Post
Two-Factor Authentication v1.0.2

New Features Added:

IP Whitelist
  • Adds a new config.php parameter, $config['TwoFactor']['ipwhitelist']
  • Whitelists IPs for all accounts for as long as the IP is in config.php
  • Follows the same rules as the AdminCP "IP Ban" interface for powerful IP management

Fillip
Does this work with partial IP?
Reply With Quote
  #26  
Old 07 May 2014, 14:30
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
Yes it does, it works with partial IPs and wildcards just like the AdminCP IP Ban interface.


Fillip
__________________
www.Dragonbyte-tech.com
Please support our mods by nominating them to MOTM!
Please do NOT PM us for support. Private Messages are only for exchanging sensitive details (like FTP / AdminCP logins).
Reply With Quote
  #27  
Old 04 Jul 2014, 09:46
Cadellin's Avatar
Cadellin Cadellin is offline
 
Join Date: Jan 2009
Just installed this and I must say it's a great idea however I think it needs a few minor additions to make it work more universally.

- vBulletin mobile style support - currently users cannot use their mobile effectively as they get a error "this page is not supported via the mobile style".
- Option not to remember IP after current session expires

What's the current sitation with Tapatalk does anyone know? Does this mod conflict or is there an in-built workaround to avoid clashes?
Reply With Quote
  #28  
Old 06 Jul 2014, 15:43
mikez006 mikez006 is offline
 
Join Date: Mar 2008
There is a bug when you have password expiration enabled.

Your password is x days old, and has therefore expired.
Please change your password using this page.
When the user clicks to change their password the page simply reloads and doesn't allow the user to reset their password. I disabled two-factor authentication and the password change link then worked.

Anyone know how to fix this?
Reply With Quote
  #29  
Old 12 Jul 2014, 18:06
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
Two-Factor Authentication v1.0.2 Patch Level 1

Bug Fixes:
  • This mod will no longer interfere with the "Password Expiry" feature
  • This mod will no longer interfere with the "Force Profile Fields" feature


Fillip
__________________
www.Dragonbyte-tech.com
Please support our mods by nominating them to MOTM!
Please do NOT PM us for support. Private Messages are only for exchanging sensitive details (like FTP / AdminCP logins).
Reply With Quote
  #30  
Old 27 Jul 2014, 15:53
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
Two-Factor Authentication v1.0.2 Patch Level 2

Bug Fixes:
  • This mod will no longer interfere with the "Password Expiry" feature
  • This mod will no longer interfere with the "Force Profile Fields" feature


Fillip
__________________
www.Dragonbyte-tech.com
Please support our mods by nominating them to MOTM!
Please do NOT PM us for support. Private Messages are only for exchanging sensitive details (like FTP / AdminCP logins).
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 00:54.

Layout Options | Width: Wide Color: