Announcement

Collapse
No announcement yet.

Enabling Two-Factor Authentication

Collapse
X
Collapse

  • Enabling Two-Factor Authentication

    vBulletin 5.3.0 and higher will allow site owners to enable Two-Factor Authentication for Administrator and Moderator functionality. This is an extra layer of security provided to make sure your user data remains as safe as possible. Two-Factor Authentication works in conjunction with an app on the user's smartphone, tablet, or computer. These apps provide a security token that lasts a limited time before expiring. The security token is created using industry standard algorithms and a unique string tied to your vBulletin account.
    Click image for larger version  Name:	mfa-2.png Views:	1 Size:	11.5 KB ID:	4367718




    Here are the instructions needed to enable this functionality.

    To turn this on, you will need to edit your /core/includes/config.php file. Look for the following code:
    Code:
    // ** TWO FACTOR AUTHENTICATION CONFIGURATION
    // This will require that logins for the modcp, admincp, site builder, inline moderation
    // will require a numeric code generated via an app on the user's cell phone or desktop
    // Admins and moderators will be able to log into normal user portions of the site
    // without any changes.
    //
    // This setting will enable two factor authentication for the site
    $config['Security']['mfa_enabled'] = true;
    
    // Uncommenting this will allow individuals moderators and admins to set up the Two Factor
    // security, but will not require it for those that choose not to enable it.  If it is
    // not set at all Two Factor will be required for all control panel logins and users that
    // have not configured their Two Factor Security will not be able to log in to the
    // control panel functions.
    $config['Security']['mfa_force_cp'] = false;
    If you are upgrading, then this might not exist in your existing /core/includes/config.php. You can copy it and add it at the bottom. It will also be in your /core/includes/config.php.new file.

    What if I am on vBulletin Cloud and cannot edit my config.php file?
    Once you have been upgraded to vBulletin 5.3.0, contact support and make a request to have this feature enabled if you want to use it.


    End-User Setup
    Once this is enabled, individuals can configure their accounts to use it on the Account Security tab of their User Settings page.

    First they will need a compatible application. Here are some compatible applications that can be downloaded:

    Google Authenticator: Android, iOS
    Microsoft Authenticator: Windows, Android, iOS
    Other: Google Chrome Extension, Authy is available for Mac, Windows, and Linux.
    Click image for larger version  Name:	accountsecurity1.png Views:	1 Size:	41.6 KB ID:	4367719




    Once they enter in their account password, they will be presented with a security token and a barcode. Either of these can be used to initialize the Application they chose. If they are using their phone as their authentication device, the easiest way to set this up is to scan the barcode with their chosen app. The app will give them a new code. Enter the account password and this new code to secure your account. Repeat this for every device that will be used to access the account. Once the page is refreshed, the security code and bar code will be lost.
    Click image for larger version  Name:	accountsecurity2.png Views:	1 Size:	120.1 KB ID:	4367720




    If they want to use the security code, they would just enter it into the app. The other instructions remain the same. The security code can be copied to a secure location in case it is needed in the future.

    Resetting the Security Code
    End users can reset their security code at any time using the Account Security tab of their User Settings page. Once Two-Factor Authentication has been set up the page will look like this:
    Click image for larger version  Name:	accountsecurity3.png Views:	1 Size:	52.8 KB ID:	4367721




    Fill out the form and a new security code and barcode will be shown. Security can be reenabled following the steps listed in the section above.

    What if a user loses their device or code?
    An Administrator can remove the security code secret by editing the user in the AdminCP and choosing "Reset Two Factor Authentication" from the Quick User Links menu.

    Which users can utilize Two-Factor Authentication?
    Currently, this is available for users with access to Administrator and Moderator functions. It will be used to protect those functions.

    Can we make it available for all users?
    Not at this time. We can add this feature in the future if there is sufficient customer demand.
      Posting comments is disabled.

    About the Author

    Collapse

    Wayne Luke A curious juxtaposition of nature, technology and sustainability. Find out more about Wayne Luke

    Article Tags

    Collapse

    advanced (5) affiliate (1) album (1) android (2) api (29) array (17) beginner (17) blog (4) bloginfo (1) calendar (2) cms (2) custom profile fields (1) forum (3) forums (4) groups (1) Intermediate (5) introduction (1) iphone (3) mapi (30) methods (10) mobile (34) style (2) threads (4) vb5howto (5) vBulletin (5)

    Latest Articles

    Collapse

    • The Basic Anatomy of a vBulletin Page
      Wayne Luke
      vBulletin 5's user output is created using a system of pages that are customizable by the site administrator. This system is called Site Builder. By breaking the system down into pages, a lot of control is given to the system administrator. By using Site Builder, you can create a unique site without any knowledge of HTML or CSS.

      vBulletin's pages are created using layers built upon a grid layout. Each page starts with a layout which defines the content areas of the page. Layouts define...
      Mon 11th Sep '17, 8:55am
    • Enabling Push Notifications in vBulletin 5.3.2 and Mobile Suite 1.16
      Wayne Luke
      vBulletin Mobile Suite 1.16 includes functionality for Push Notifications. One of the requirements to add this functionality is that you must be running vBulletin 5.3.2 Connect on your site and create a project with Google's Firebase Cloud Messaging (FCM) platform. The steps below will walk you through the process of enabling this functionality in vBulletin and in your Mobile Apps.

      Add a project to your Firebase account






      Setup Push Notifications...
      Thu 27th Jul '17, 8:56am
    • Enabling Two-Factor Authentication
      Wayne Luke
      vBulletin 5.3.0 and higher will allow site owners to enable Two-Factor Authentication for Administrator and Moderator functionality. This is an extra layer of security provided to make sure your user data remains as safe as possible. Two-Factor Authentication works in conjunction with an app on the user's smartphone, tablet, or computer. These apps provide a security token that lasts a limited time before expiring. The security token is created using industry standard algorithms and a unique string...
      Tue 4th Apr '17, 8:38am
    • How to moderate the posts of new users only
      Wayne Luke
      To help combat spam, many users opt to have new user’s posts moderated until they’ve made a specific number of posts. This allows the Admin/Moderator team to keep potentially malicious posts out of the public eye until a user has effectively passed a ‘probationary period’ as a member of the site.

      In order to do this, you will need to create a custom usergroup and a promotion.

      Creating a Custom Usergroup
      First, you need to setup the usergroup for your non-Moderated...
      Wed 22nd Feb '17, 9:13am
    • Rebuilding the Sphinx index
      Wayne Luke
      From time to time, we will need to update the indexing schema for the Sphinx server. In order for this fix to take effect, you will need to update the sphinx schema for the index. Follow these steps to rebuild your Sphinx Search Schema.
      1. Stop the Sphinx service on your server.
      2. Replace your existing Sphinx configuration file (vbulletin-sphinx.php) with the one provided in the current version of vBulletin 5 Connect. You can find this file in the do_not_upload directory.
      3. Update the file as provided
      ...
      Fri 3rd Feb '17, 1:01pm
    • Using the Search JSON
      Dominic
      Using the advanced editor you can create powerful search modules. Following you find possible filters / parameters for using within these modules:
      The search JSON parameter has the following format:

      :
      { "filter": <value>, "filter": <value>, ... }
      <value> may be any valid string, number or JSON structure and will be interpreted by the specified filter. Filters not listed below are ignored.

      Filters

      The valid filters...
      Wed 28th Jan '15, 12:51pm
    Working...
    X