9

Product support

Get help in the plugin support forum.

Categories

Vdlp.TwoFactorAuthentication

This plugin adds Two Factor Authentication to the Backend of October CMS.

What makes this plugin better than others?

  • Each Secret Key is stored encrypted.
  • Actively Maintained by Van der Let & Partners (official October CMS partner).
  • User Friendly UI.
  • New features will be added frequently.

Supported Apps

Questions? Need help?

If you have any question about how to use this plugin, please don't hesitate to contact us at octobercms@vdlp.nl. We're happy to help you. You can also visit the support forum and drop your questions/issues there.


If you love this quality plugin as much as we do, please rate our plugin.


Users can be forced to set up 2FA in the sign in process.

After installing the plugin, go to My Account to enable Two Factor Authentication.

Requirements

  • October CMS 3.0 or higher
  • PHP 8.0.2 or higher

Configuration

To configure this plugin execute the following command:

php artisan vendor:publish --provider="Vdlp\TwoFactorAuthentication\ServiceProvider" --tag="config"

This will create a config/twofactorauthentication.php file in your app where you can modify the configuration.

  • Found the plugin useful on 13 Aug, 2022

    Install it, and enable 2FA for your backend account. As easy as it sounds. Great job!

  • Found the plugin not useful on 15 Sep, 2021

    Doesnt work for latest October.

  • author

    Replied on 15 Sep, 2021

    Hi Robert,

    An update for this plugin is still in the works. Don't expect us to have an update available immediately since October CMS 2.1 (stable) is released not very long ago. We have a lot of plugins to manage, so it will take some time to test them all properly.

    If you have purchased this plugin, I can provide you with a nightly build which will work with October CMS 2.x in the meantime.

    Please contact us at octobercms [at] vdlp [dot] nl and we are happy to help you!

  • Found the plugin useful on 30 Nov, 2020

    Hi, we're gradually rolling out this plugin for all of our clients. It would be nice to be able to force users to set 2FA upon next login (maybe with a kind of grace period). Can you please let us know if this is in the roadmap for this plugin? Thanks in advance for your response.

  • author

    Replied on 2 Mar, 2021

    Hi Maarten, thank you for reaching out to us. We have added this feature recently. We'd like to thank you for participating on testing this feature. It has now included since version 2.0.0. If anyone has ideas, suggestions or issues please contact us at octobercms [at] vdlp [dot] nl.

  • Found the plugin useful on 29 Mar, 2019

    It works but for some reason I'm only able to add authentication to one of the two admin accounts.

  • author

    Replied on 1 Apr, 2019

    Users must enable 2FA for themselves. Since v1.3 administrators are able to disable 2FA for users if they have lost their device or security code.

  • Found the plugin useful on 27 Feb, 2019

    Super easy plugin, does what it should, and is very easy to implement.

3.9.0

Change disabling 2FA of other backend users.

Nov 30, 2023

3.8.0

Prevent unnecessary `Registering Intended Uri` logs to `/backend`.

Sep 29, 2023

3.7.0

Several additions, improvements and fixes -- see CHANGELOG.md

Jun 01, 2023

3.6.0

Improve redirection logic after successful verification.

Mar 09, 2023

3.5.3

Update French translation.

Feb 20, 2023

3.5.2

Security improvements -- see CHANGELOG.md

Dec 16, 2022

3.5.1

Security improvements -- see CHANGELOG.md

Dec 15, 2022

3.5.0

Improve UI for October CMS 3.x

Nov 30, 2022

3.4.0

Maintenance release -- see CHANGELOG.md

Sep 23, 2022

3.3.2

Fix redirect loop when accessing Sign In page when backend user is signed in.

Jun 02, 2022

3.3.1

Fix implementation of backend.force_remember configuration.

May 25, 2022

3.3.0

Add October CMS 3.x to supported versions.

Apr 12, 2022

3.2.2

Fix reading logging_enabled configuration parameter.

Feb 03, 2022

3.2.1

Fix form button types.

Dec 10, 2021

3.2.0

Add configuration option for disabling logging.

Dec 10, 2021

3.1.4

Replace usage of `cms.backendForceRemember` (OC 1.x) with `backend.force_remember` (OC 2.x)

Nov 02, 2021

3.1.3

Fix missing usage of `force_all_super_users` configuration parameter.

Oct 05, 2021

3.1.2

Fix redirects while intercepting login

Sep 23, 2021

3.1.1

Extended logging and code improvements -- See CHANGELOG.md

Sep 22, 2021

3.1.0

Drop support for October CMS 1.x

Sep 20, 2021

3.0.0

!!! Add support for PHP 7.4 and higher

Jul 13, 2021

2.0.2

Fixes typo in Configuraton section in README file.

Mar 03, 2021

2.0.1

Fixes two important issues in authentication flow -- See CHANGELOG.md

Feb 23, 2021

2.0.0

Add support for forcing 2FA set up after authentication -- See CHANGELOG.md

Dec 31, 2020

1.5.1

Remove the autocomplete attribute from the OTP field. Prevents storing OTP in browser cache.

Aug 18, 2020

1.5.0

Upgrade dependency `libaries pragmarx/google2fa` and `endroid/qr-code`.

May 26, 2020

1.4.0

Fix redirect issue when cms.backendUri is empty.

May 26, 2020

1.3.0

Allow disabling 2FA for users as superuser (superuser must have 2FA enabled).

Jan 23, 2020

1.2.1

Fix issue with login screen not showing up

Jun 21, 2019

1.2.0

Add 2FA column to user list

Jan 18, 2019

1.1.1

Fix invalid method call

Nov 07, 2018

1.1.0

Improve security by generating the QR-code on server (instead of Google Charts API).

Nov 02, 2018

1.0.0

First version of Vdlp.TwoFactorAuthentication

Oct 12, 2018