New feature: Two-Step Verification

Discussion in 'News & Announcements' started by Simon Hampel, 4th Nov, 2015.

Join Australia's most dynamic and respected property investment community
  1. Simon Hampel

    Simon Hampel Founder Staff Member

    3rd Jun, 2015
    The forum software now supports Two-Step Verification (aka Two-Factor Authentication or 2FA), which means that you can use a third party tool such as Google Authenticator to protect your forum login.

    This means that even if someone manages to guess your password (or they get hold of your password from another website which gets hacked and you used the same password on multiple websites), then they won't be able to access your PropertyChat account unless they also have access to your mobile phone.

    Two-step verification, also known as two-factor authentication, requires you to provide two pieces of information to login. The general form is expressed as "something you know and something you have". "Something you know" is your password. "Something you have" is the new part. You may have seen this with other services, such as Google accounts. If you're familiar with that, you'll understand how it works in XenForo.

    Two-step verification is something a user has to opt into sometime after they have registered. Enabling it increases security at the expense of a more complex login procedure. For many users - particularly ones that just lurk or only have a few posts - the "value" of their account is low so the cost may outweigh the benefit. However, for other users, the extra security should be worthwhile.

    When you've enabled two-step verification, you will login with your username or email and password as normal. Once those are verified, we will determine if two step verification is needed. If so, you'll need to take the appropriate steps to complete that. Upon receiving that verification, you'll be logged in as normal.

    You can read more about how it works on the XenForo website - XF 1.5 - Two-Step Verification and Security Improvements

    To enable Two Step Verification, look for the new menu option in the account menu at the top of the page:


    ... or alternatively in the account area:


    Don't forget to save the backup codes somewhere safe so you don't accidentally lock yourself out of your account if you lose or replace your phone!
    mcarthur and Perthguy like this.