The essential news about content management systems and mobile technology.
Powered by Joocial, XT Search for Algolia, and SlimApps.


A real Two Step Verification system for Joomla!

Security experts agree that the first step to securing your siteagainst unauthorized access is using a second step during the loginprocess. Joomla 3.2 and later offer Two Factor Authentication whichrequires you to enter a security code along with your password tolog into your site. However, Two Factor Authentication issusceptible to spoofing attacks. Moreover it does not let you useany second factor which is not a text code known to you before youlogin.

The solution to that is Two Step Verification. You login withjust your username and password. However, at this point, you have a"captive login" and you cannot use the site unless you provide yoursecond authentication factor. This could be a text code generatedby Google Authenticator like what Joomla already allows, orsomething impossible to use with core Joomla such as a text codesent to you by SMS or push notification or even a secure hardwaretoken following the FIDO U2F (Universal Second Factor) standard.After providing and validating the second factor your login becomesfull features and you can use the site. This is very much like whatGoogle does when you try to login to GMail; or what happens whenyou log into GitHub; or how Apple handles login to iCloud.

Akeeba LoginGuard currently supports the following secondfactors:
* Authenticator App (Google Authenticator, Authy, 1Passwordetc)
* YubiKey
* U2F (any USB or NFC token following the U2F protocol will do,including the cheap Amazon ones)
* Pushbullet (only with a paid PushBullet account)
* SMS Text Message (you need a paid subscription to the supportedSMS service; read the documentation)
* Email
* Fixed Code (ONLY FOR DEMONSTRATION - this is the same as using apassword; don't use on production sites)

This extension is brought to you by the same people who wroteJoomla's Two Factor Authentication feature.

Read more