88

Product support

Visit this product's website for support.

  • Added on Apr 24, 2015
  • Current version: 1.1.0
  • Platform Compatibility
    v3.x use latest
    v2.x 1.0
    v1.x 1.0
  • License: Regular / Extended
  • Created by

Categories

Multi-Factor Authentication is the practice of adding an extra authentication step - often requiring use of a separate device such as a smartphone. What this means for you is that even if your login credentials are somehow obtained by a third party, they still would not be able to log in without also obtaining your MFA device. Multi-Factor Authentication is essentially to any website owner who values site security.

Logging In with MFA

  • Enter your login credentials as normal
  • Open Google Authenticator on your phone (Android, iPhone) and enter your 6-digit code.
  • You're now logged in!

Setup Instructions

  • In the backend, go to My Account in the top right.
  • Check the Use Multi-Factor Authentication? checkbox.
  • Generate an MFA Secret and scan the generated barcode using Google Authenticator (Android, iPhone).
  • Enter two security questions and answers - these will be used when you don't have access to your phone.
  • Click Save at the bottom of the form.

Once set up, Google Authenticator will display a continually changing set of 6 digits. When you next log in, you'll need to enter the currently showing number.

For Extra Security

  • In the backend, go to Settings - Multi-Factor Authentication
  • Check Require MFA for all administrators?

This option will restrict new or existing administrators who haven't yet enabled MFA to the My Account section of admin until they set it up.

  • Found the plugin useful on 18 Feb, 2024

    Hello,

    After purchasing your plugin I tried to install it and it failed. I'm using OctoberCMS v3.5.

    The error message:

    1. Loading composer repositories with package information
    2. Updating dependencies
    3. Your requirements could not be resolved to an installable set of packages.
    4. Problem 1
      • Root composer.json requires flynsarmy/oc-mfa-plugin ^1.0, found flynsarmy/oc-mfa-plugin[dev-master] but it does not match the constraint.

  • Found the plugin useful on 15 Jan, 2020

    Updating from 1.0.3 to 1.0.4 fails when using sqlite, I did this workaround get the plugin working, the update fails hence altering columns in sqlite is not possible.

    PRAGMA foreign_keys=off;
    
    /*
     * .schema backend_users
     */ 
    
    CREATE TABLE IF NOT EXISTS "backend_users_backup" (
        "id" integer not null primary key autoincrement, 
        "first_name" varchar null, 
        "last_name" varchar null, 
        "login" varchar not null, 
        "email" varchar not null, 
        "password" varchar not null, 
        "activation_code" varchar null, 
        "persist_code" varchar null, 
        "reset_password_code" varchar null, 
        "permissions" text null, 
        "is_activated" tinyint(1) not null default '0', 
        "role_id" integer null, 
        "activated_at" datetime null, 
        "last_login" datetime null, 
        "created_at" datetime null, 
        "updated_at" datetime null, 
        "is_superuser" tinyint(1) not null default '0', 
        "deleted_at" datetime null, 
        "mfa_enabled" tinyint(1) not null default '0', 
        "mfa_secret" varchar not null default '', 
        "mfa_persist_code" varchar not null default '', 
        "mfa_question_1" varchar not null default '', 
        "mfa_answer_1" varchar not null default '', 
        "mfa_question_2" varchar not null default '', 
        "mfa_answer_2" varchar not null default '');
    
    /*
     * Modifyed .schema backend_users
     */ 
    
    INSERT INTO backend_users_backup
    SELECT * FROM backend_users;
    
    DROP TABLE backend_users;
    
    CREATE TABLE IF NOT EXISTS "backend_users" (
        "id" integer not null primary key autoincrement, 
        "first_name" varchar null, 
        "last_name" varchar null, 
        "login" varchar not null, 
        "email" varchar not null, 
        "password" varchar not null, 
        "activation_code" varchar null, 
        "persist_code" varchar null, 
        "reset_password_code" varchar null, 
        "permissions" text null, 
        "is_activated" tinyint(1) not null default '0', 
        "role_id" integer null, 
        "activated_at" datetime null, 
        "last_login" datetime null, 
        "created_at" datetime null, 
        "updated_at" datetime null, 
        "is_superuser" tinyint(1) not null default '0', 
        "deleted_at" datetime null, 
        "mfa_enabled" tinyint(1) null default '0', 
        "mfa_secret" varchar null default '', 
        "mfa_persist_code" varchar null default '', 
        "mfa_question_1" varchar null default '', 
        "mfa_answer_1" varchar null default '', 
        "mfa_question_2" varchar null default '', 
        "mfa_answer_2" varchar null default '');
    
    CREATE UNIQUE INDEX "login_unique" on "backend_users" ("login");
    CREATE UNIQUE INDEX "email_unique" on "backend_users" ("email");
    CREATE INDEX "act_code_index" on "backend_users" ("activation_code");
    CREATE INDEX "reset_code_index" on "backend_users" ("reset_password_code");
    CREATE INDEX "admin_role_index" on "backend_users" ("role_id");
    
    INSERT INTO backend_users
    SELECT * FROM backend_users_backup;
    
    DROP TABLE backend_users_backup;
    
    UPDATE system_plugin_versions SET version = '1.0.4' WHERE code = 'Flynsarmy.Mfa';
    
    PRAGMA foreign_keys=on;

  • author

    Replied on 15 Jan, 2020

    Hey Guido, send me an email through the contact form on my site and I'll see if we can fix this up for you. https://www.flynsarmy.com/contact/

  • Found the plugin useful on 31 May, 2019

    A useful plugin - it does what it's supposed to do.

  • Found the plugin useful on 29 Sep, 2018

    Very easy setup and the support was ultra quick.

    If you want a way to add extra security to your website admin access then this is it... with a little help from google authenticator.

    Very happy with purchase.

1.1.0

October CMS 3 Compatibility

Feb 20, 2024

1.0.22

Minor login flow fixes

Feb 20, 2024

1.0.21

Redirect to intended URL on backend login instead of the dashboard

Aug 12, 2021

1.0.20

Add regenerate CLI command, better admin error handling

Mar 28, 2021

1.0.19

Switch out qrcode dependency

Jan 25, 2021

1.0.18

Switched out googleauth dependency

Jan 18, 2021

1.0.17

Make compatible with Illuminate's StatefulGuard auth contract

Jan 28, 2020

1.0.16

Minor bug fix for warning generated on first plugin installation

Sep 18, 2019

1.0.15

Fix error when saving profiles that haven't had MFA set up yet

Aug 01, 2019

1.0.14

Use a version of google-authenticator compatible with October's minimum PHP version

Aug 01, 2019

1.0.13

Revert dependency updates due to issues with capitsalisation and PHP version

Jun 01, 2019

1.0.12

Compatibility with v455, update dependencies

May 28, 2019

1.0.11

Fix error messages when inputting incorrect MFA codes

Feb 14, 2019

1.0.10

Security fix

Jan 17, 2019

1.0.9

Added settings page with option to force MFA for all administrators

Jan 17, 2019

1.0.8

Super admins can now modify MFA settings of other admins

Jan 16, 2019

1.0.7

Fix the make_user_fields_nullable migration for new installations with DB prefixes

Sep 29, 2018

1.0.6

Deprecated method call fix

Oct 22, 2017

1.0.5

Case sensitivity fix

Oct 15, 2017

1.0.4

Make user fields nullable

Sep 29, 2016

1.0.3

Rainlab.User bug fix

Oct 02, 2015

1.0.2

Compatibility with v204

Sep 14, 2015

1.0.1

Initialize plugin.

Apr 24, 2015