Two-Factor Authentication icon

Two-Factor Authentication

Born05

Version 3.3.7

March 7, 2024

Fixed

  • fix: removed reference to old code

Version 3.3.6

February 29, 2024

Fixed

  • fix: dont allow visits to plugin templates before 2fa

Version 3.3.5

February 13, 2024

Fixed

  • fix: Missing usertoken table on fresh install

Version 3.3.4

February 8, 2024

Fixed

  • fix: Exposure of Sensitive Attributes
  • fix: Corrected the single use token time window

Version 3.3.3

February 8, 2024

Changed

  • Deprecate php 8.0
  • Updated spomky-labs/otphp
  • Updated endroid/qr-code

Fixed

  • Remove unneeded getTotp call.
  • fix: Exposure of Sensitive Attributes
  • fix: Token is now single use within time window

Version 3.3.2

October 2, 2023

Fixed

  • Fixed a post-login vulnerability.

Version 3.3.1

August 29, 2023

Fixed

  • Use isTwoFactorEnabled on settings screen.
  • Use two-factor-authentication/settings/turn-on action on settings screen.

Version 3.3.0

August 29, 2023

Fixed

  • Verify screen updated to Craft's new frontend style.
  • Verify step wasn't functioning correctly.

Version 3.2.1

July 6, 2023

Fixed

  • Prevent error when lastLoginDate is not set. Thanks to @joepagan

Version 3.2.0

May 4, 2023

Changed

  • Make sure to render CP templates in TEMPLATE_MODE_CP
  • AssetBundle improvement to prevent assets not loading during login
  • Code cleanup

Version 3.1.0

March 31, 2023

Fixed

  • Fix 500 error in CP for non-admins. Thanks to @mike-moreau

Version 3.0.2

September 19, 2022

Changes

  • Updated froms and controllers to use Craft 4 way of returning data.

Version 3.0.1

July 13, 2022

Changes

  • Code cleanup
  • Simplify request check

Fixed

  • Init load event now really uses WebApplication

Version 3.0.0

June 28, 2022

Fixed

  • Issuer name is now the system name instead of application name
  • Init load event now uses WebApplication::EVENT_INIT

Version 3.0.0-beta.1

May 9, 2022

Changed

  • Added craft 4 support

Version 2.10.0

November 8, 2021

Added

  • backEndPathAllow config option to allow specific backend paths to bypass 2fa checks.

Version 2.9.0

April 1, 2021

Fixed

  • Verification is now also needed after a second login.

Version 2.8.1

March 23, 2021

Fixed

  • Fixed otphp update. Thanks to @bencroker

Version 2.8.0

March 18, 2021

Updated

  • Updated spomky-labs/otphp requiring php 7.3 and up.

Added

  • Use endroid/qr-code for qr code generating instead of google's deprecated chart api.

Version 2.7.4

February 11, 2021

Fixed

  • Fixed getting logged out during 2FA screen on Craft 3.4 and up. Thanks to @goraxan

Version 2.7.3.1

November 3, 2020

Fixed

  • Fixed composer.json for composer 2

Version 2.7.3

October 16, 2020

Changed

  • Don't do anything until EVENT_AFTER_LOAD_PLUGINS

Version 2.7.2

October 16, 2020

Fixed

  • Make sure not to install the old session table.

Version 2.7.1

October 16, 2020

Fixed

  • Fixed installation errors

Version 2.7.0

October 6, 2020

Released earlier changes.

Changed

  • Move from a custom session table to storing data in the session.

Version 2.7.0-beta.1

September 25, 2020

Changed

  • Move from a custom session table to storing data in the session.

Version 2.6.3

September 22, 2020

Changed

  • Allow userSessionDuration to be 0

Version 2.6.2

September 15, 2020

Fixed

  • DateTime comparison is now between similar timezones.

Version 2.6.1

June 15, 2020

Fixed warning of 2.6.0

Version 2.6.0

June 15, 2020

BREAKING! Use frontEndPathAllow/frontEndPathExclude instead of frontEndPathWhitelist/frontEndPathBlacklist!

Improved

  • Use allow/exclude in favor of whitelist/blacklist
  • Removed ConfigHelper::localizedValue from config making configs more dependable.

Version 2.5.0

May 19, 2020

Added

  • French translation thanks to @romainpoirier

Fixed

  • Removed some old & unused code

Version 2.4.0

January 7, 2020

Fixed

  • userLoginEventHandler now uses verifyBackEnd and verifyFrontEnd options as it is supposed to.

Version 2.3.0

November 18, 2019

Added

  • Add in the ability to add the secure redirect field to the front-end forms. Thanks to @coxeh

Fixed

  • Fixed a bug where turning off 2 step on the front end always redirects to the admin cp. Thanks to @coxeh

Version 2.2.0

July 31, 2019

Added

  • Added verifyBackEnd option

Fixed

  • Fixed admin redirect issue when using forceBackEnd.

Version 2.1.2

April 8, 2019

Added

  • Added totpDelay config option (gives the user some extra time after code expired)

Version 2.1.1

February 28, 2019

Fixed

  • Disabling 2FA for other users failed

Version 2.1.0

February 22, 2019

Fixed

  • Make sure the User's EVENT_AFTER_LOGIN is triggered thanks to @engram-design

Version 2.1.0-beta.2

January 23, 2019

Fixed

  • Fix otphp to pull their fix for random_compat on php 7.0 thanks to @mikestecker

Version 2.0.1

January 23, 2019

Fixed

  • Fix otphp to pull their fix for random_compat on php 7.0 thanks to @mikestecker

Version 2.1.0-beta.1

January 18, 2019

Fixed

  • Support for Craft 3.1

Version 2.0.0

January 15, 2019

Stable release for Craft 3.

Version 2.0.0-beta.14

November 22, 2018

Added

  • Blacklist and whitelist can be exact paths or regex.
  • isTwoFactorEnabled can be used from twig.

Version 2.0.0-beta.13

November 6, 2018

Added

  • Added option to disable 2FA when a user is locked out of the account.

Version 2.0.0-beta.12

October 12, 2018

Fixed

  • Allow 2FA on the front end home.

Version 2.0.0-beta.11

October 10, 2018

Fixed

  • Fixed link to Google Authenticator

Version 2.0.0-beta.10

October 5, 2018

Fixed

  • Fixed 2FA CP path detection

Version 2.0.0-beta.9

October 5, 2018

Added

  • Front end 2FA support
  • Allow forcing 2FA

Fixed

  • Migrated old code to Craft 3

Version 2.0.0-beta.8

September 9, 2018

Improved

  • @jlamb1 Fix Deprecation Error "Round"

Version 2.0.0-beta.7

August 10, 2018

Improved

  • @brandonkelly Fixed the install migration

Version 2.0.0-beta.6

July 20, 2018

Changed

  • Disabled the plugin for console commands.
  • Added support for upgrading from Craft 2.

Version 2.0.0-beta.5

July 11, 2018

Improved

  • Added Dutch (NL) translation file. Thanks to @RichardFrontwise

Version 2.0.0-beta.4

July 9, 2018

Changed

  • Changed the translation scope to app.

Version 2.0.0-beta.3

July 5, 2018

Changed

  • Fixed debug bar support. Debug should be allowed, not trigger logout.

Version 2.0.0-beta.2

July 4, 2018

Improved

  • Prevent redirect loop for cookieBased login.

Version 2.0.0-beta.1

June 29, 2018

Improved

  • Fixed user overview with 2FA column enabled.

Version 2.0.0-beta

June 29, 2018
  • Beta release of the Craft 3 plugin.

Version 1.2.0

June 29, 2018

Changed

  • Moved releases to the craft-2 branch.

Version 1.1.0

December 7, 2017

Improved

  • Fixed console support.
  • Downgraded otphp to 8.3.2 for better PHP support.

Version 1.0.1

November 6, 2017

Improved

  • rememberedUserSessionDuration is now optional.
  • Fixed a DateTime checking issue causing unpredictable behavior.

Version 1.0.0

October 16, 2017

Improved

  • Validation feedback fix.
  • Updated otphp to 9.0.2.

Version 0.0.6

July 18, 2017

Improved

  • Make csrf required to turn 2FA off.

Version 0.0.5

May 9, 2017

Improved

  • Fix for login popup on verify screen.

Version 0.0.4

May 9, 2017

Improved

  • Fix for looping back to the verify controller.

Version 0.0.3

May 5, 2017

Changed

  • Added our own vendor code.

Version 0.0.2

May 5, 2017

Improved

  • Fixes for installing through composer

Version 0.0.1

May 5, 2017

Initial Beta Release