2FA

[thumbtak]

If you click your name, near the logout, you might have noticed a new option in your profile menu. The new option is 2FA.

What is 2FA?
Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. This process is done to better protect both the user’s credentials and the resources the user can access. Two-factor authentication provides a higher level of security than authentication methods that depend on single-factor authentication (SFA), in which the user provides only one factor — typically, a password or passcode. Two-factor authentication methods rely on a user providing a password, as well as a second factor.

How to activate?
Go to your profile menu and click 2FA. After clicking this, click “Activate 2FA”, from here, you will see instructions that will help you configure 2FA.

[thumbtak]

• Issue in logic caused users to be unable to configure 2FA unless specifically enforced on them.
• Other bug fixes.

[thumbtak]

■ Improvements
• Several improvements applied in how plugin settings are saved and checked (during user login).
• Better resolution used for user-entered data in wizard.
• Users are now notified to reconfigure 2FA if the 2FA method they are using is no longer allowed.
• Other improvements.

■ Bug fixes
• Users were being redirected to custom redirect before finishing the backup codes.
• Buttons were not clickable when using the front-end 2FA setup page.
• Fixed a number of browser compatibility issues (mostly better support for Safari).
• User was still asked for 2FA code even if excluded.
• Settings were not properly populated in some cases, resulting in error on admin pages.
• Other bug fixes.

[thumbtak]

■ Improvements
• Performance
• Reliability
• Refactored the way the 2FA saves and retrieves user 2FA properties.
• Other improvments.

■ Bug fixes
• User roles that contain a space can now be excluded.
• Other bug fixes.

[thumbtak]

■ Bug fixes

• Fixed an issue where in some scenario accounts were locked out even if the user had 2FA configured.
• Fixed some backend system issues.
• Fixed issues with users being unable to close configuration dialog on mobile devices.

[thumbtak]

• QR code generator updated.
• New setting to allow/disallow users from using other email addresses when configuring 2FA over email.
• Bug fixes.
• User roles that contain a space can now be excluded.

[thumbtak]

• Bug fixes and improvements.

[thumbtak]

• Backend changes to help with logins.

[thumbtak]

• Security fix.
• Improvements.

[thumbtak]

• New features
  • Backend feature added.
• Improvements
  • Made alternative 2FA backup methods available in first-install wizard to give users more prominence, so users can use them.
  • Conflict fixes with other functions that may occur.
  • Applied several improvements to the 2FA user wizard for better UX.
  • Removed redundant cron job.
  • Removed redundant code (it was no longer needed due to change and improvement in functionality).
• Bug fixes
  • Fixed: sends two emails when clicking the “Resend code” button.
  • Added additional checks to ensure that all the “No 2FA method selected” scenarios are handled.
  • Fixed a number of spelling mistakes.
  • Fixed: fatal error that may occur in some cases.
  • Addressed a number of PHP warnings.

[Author]

Posts