Jump to content
Invision Community

Two-step Verification for IPS Community Suite 2.0.8

$9.99 · Renewal Term: $6.99 per 6 months

   (2 reviews)

12 Screenshots

About This File

Two-step Verification for IPS Community Suite

Two-step Verification app ads an extra layer of protection for user accounts at your IPS Community Suite  4.1. This method of user authentication is used by all major websites like Google, Facebook, Twitter, Microsoft and many other websites.

This method adds a second factor of user authentication, and allows users to access their accounts only if they 1) know their password, and 2) are able to provide a one-time password which is generated every 30 seconds by the Google Authenticator app. (Click for Android or iOS).

So how this method works for IPS Community Suite?

After installing the product, you can choose which groups are allowed to use this application. It has two settings per group, one for the front-end and one for the ACP.

00.png

Users who have either of the settings enabled will see a red shield logo in the top user navigation bar. It draws their attention and invites them to check the application.

01.png

Also they will have a link in the user drop-down menu that shows whether the protection is enabled or not.

02.png

These two additional links lead to the following page:

03.png

User can use Google Authenticator to scan the bar and then type the one-time password generated by GA to enable this protection for their accounts. User who successfully enable the protection will see this screen:

04.png

If desired, users can type the one-time password generated by GA to disable the protection.

The user drop-down menu will show the new protection state

08.png

From now on, after every successful login into the IPS Community Suite, the user will be faced with this form in the front-end, the form can't be avoided or averted, a one-time password is strictly required.

05.png

 

Or with this form in ACP

06.png

Uses can choose to trust the device for 30 days, during which they will not be asked to enter the one-time password again. Users can trust the device for the front-end or ACP separately. That means if you choose to trust the device on the front-end, you will be still asked to enter the OTP when you log into the ACP.

Finally, if a user for some reason loses their phone, they can reach to you to reset their 2-Step Verification credentials. You can do it in ACP in one click

07.png

You can also choose to force all admins to enable 2-Step Verification through settings.

09.png

If enabled, admins will see this error and they can't do anything in ACP, same happens if you choose to enforce through the group setting shown above.

10.png

For front-end enforcement, this message will appear. It's nor recommended to enforce the usage of 2SV on normal users though.

11.png

Admin Rescue

If for any reason you have lost your mobile phone and you can no longer access your IPS Community Suite.

The solution is easy, and you need to do either of:

1) In your community root folder, find a file called: constants.php

Add this line to the end of it:

define('TWOSTEPSAUTH_DISABLED', TRUE);

2) If the file doesn't exist, then copy the file constants.php to your community root folder.

And your IPS Community Suite will no longer ask you to enter your GA code.
Go to your ACP and reset 2SV credentials for yoru account.

You can delete the file or the line that you've added after you gain access.

Conclusion

We hope this application will add more security to your website. We recommend that you keep your server up-to-date with software and security fixes. Also make sure to install an SSL certificate, it's easy and free these days.


What's New in Version 2.0.8   See changelog

Released

Bug fix: User can't change language.




User Feedback

You may only provide a review once you have downloaded the file.


Wayne B

   10 of 10 members found this review helpful 10 / 10 members

I have been waiting for 2FA for some time since we moved to IPB4 so this release could not have come soon enough for me. This has had a couple of very minor teething issues as bugs have been found shortly after initial release but they have been resolved almost instantly on each occasion. In fact the developer never sleeps :-) The longest fix I had to wait for has been 8 minutes which is remarkable. 

It works perfectly, and even new features have been accommodated on request and again almost instantly. 

Great app by a very responsive and talented developer. 

Highly recommended and at a great price. I did see one comment of a customer complaining about having a 6 month renewal of $6.99, seriously that is the cost of a coffee for the security of your site. If you care about your site drink 1 less coffee every 6 months and enjoy peace of mind.

@Milad IPBPlug.in - Thank you for bringing this back to the marketplace.

Share this review


Link to review
GriefCode

   2 of 2 members found this review helpful 2 / 2 members

For 10$ this app is very cheap and protects me in a lot ways. I do not need to worry about my forum security anymore.

Someone recently got my personal password and that made me worry on everything. I have added 2FA to every single login where it was available, even to my dedicated servers, the forum login was the last commonly used login where the 2FA was missing. I'm really thankfull that this application has been programmed.

I do not use the suggested apps by the programmer, i used authy on IOS (recommended by cloudflare) and it still works for me :-)

Adding/installation was flawless. Great job & great application, works exactly as expected. Thank you!

 

Share this review


Link to review
×