[DigitalPoint] Security & Passkeys Xenforo v1.1.8

[kashif]

kashif submitted a new resource:

[DigitalPoint] Security & Passkeys Xenforo - Download Free [DigitalPoint] Security & Passkeys Xenforo

Compatible XF 2.x versions

• 2.0
• 2.1
• 2.2

Additional requirements: OpenSSL PHP extension
Visible branding: No

Features

• Support for Passkeys(also known as WebAuthn / FIDO2 security keys) as two-step authentication (hardware devices such as YubiKeys are what large tech companies such as Google require their employees to use to keep their accounts secure).
  • Support for multiple keys per user
• Option for Days to trust two-step...

Read more about this resource...

 

[kashif]

kashif updated [DigitalPoint] Security & Passkeys Xenforo with a new update entry:

[DigitalPoint] Security & Passkeys Xenforo v1.1.1

• If user has no Passkeys setup yet, the button to manage them is labeled 'Enable' rather than 'Manage'
• Use a more specific selector when enabling/disabling the Submit button on the WebAuthn form
• New option: Options -> User options -> Recommended strong two-step options (defaults to 2)
• The user's two-step page will show a notice about not having enough strong two-step options if they have less than the number set under options (a reminder to users that they should have more...

Read the rest of this update entry...

 

[kashif]

kashif updated [DigitalPoint] Security & Passkeys Xenforo with a new update entry:

[DigitalPoint] Security & Passkeys - Xenforo v1.1.3

Changelog not found

Read the rest of this update entry...

 

[kashif]

kashif updated [DigitalPoint] Security & Passkeys Xenforo with a new update entry:

[DigitalPoint] Security & Passkeys v1.1.4

• Added ability to view and delete remembered sessions in admin area (new Sessions tab when editing a user)
• Fix for PHP warning when on PHP 8 and accessing site through localhost (a test setup)

Read the rest of this update entry...

 

[kashif]

kashif updated [DigitalPoint] Security & Passkeys Xenforo with a new update entry:

[DigitalPoint] Security & Passkeys v1.1.4.1 Free

Fix​

Fixes an issue where certain (most) security keys couldn't properly authenticate as a two-step verification option.

Read the rest of this update entry...

 

[kashif]

kashif updated [DigitalPoint] Security & Passkeys Xenforo with a new update entry:

[DigitalPoint] Security & Passkeys v1.1.5.1 Free

Added additional sanity check to ensure the device trust record is valid and exists before trying to extend it.

Read the rest of this update entry...

 

[kashif]

kashif updated [DigitalPoint] Security & Passkeys Xenforo with a new update entry:

[DigitalPoint] Security & Passkeys v1.1.6 Free

I think this may have been the cause for a couple cases where an invalid Passkey record was saved to a user account. Previously, if an exception happened, it blindly accepted the null Passkey record as the new Passkey. If things went as expected (most cases) it wouldn't matter, but not everything always goes as expected.

• Added dataList-row--noHover class so background color doesn't change when the mouse moves over the table of two-step options a user has
• If an exception...

Read the rest of this update entry...

 

[kashif]

kashif updated [DigitalPoint] Security & Passkeys Xenforo with a new update entry:

[DigitalPoint] Security & Passkeys v1.1.7 Free

• Entropy for challenge changed from 192-bits to 768-bits
• All JavaScript has been rewritten to be "native" (does not use jQuery) in preparation for removal of jQuery in XenForo 2.3.

If you aren't using XenForo 2.3, you don't need to upgrade (might be some unmeasurable speed increase [think nanoseconds] when running its JavaScript since it doesn't dip into jQuery any longer).

Read the rest of this update entry...

 

[kashif]

kashif updated [DigitalPoint] Security & Passkeys Xenforo with a new update entry:

[DigitalPoint] Security & Passkeys v1.1.8 Free

If you use the Days to auto-extend two-step device trust setting, the addon will always set the tfa_trust cookie when the user_remember record is extended (since we can't see the cookie duration on the server-side). Before we were only setting the cookie if the user_tfa_trusted.trusted_until value changed.

This will make it work as expected even if you had something unrelated (like a different addon) altering the user_tfa_trusted.trusted_until value (where you had a short cookie duration...

Read the rest of this update entry...