[DigitalPoint] Security & Passkeys 1.1.8

[jessy]

thanks to dear member @jessy submitted a new resource:

[DigitalPoint] Security - Support for WebAuthn / FIDO2 security keys

Features

• Support for WebAuthn / FIDO2 security keys as two-step authentication (hardware devices such as YubiKeys are what large tech companies such as Google require their employees to use to keep their accounts secure).
  • Support for multiple keys per user
• Option for Days to trust two-step verification. Now you can set it to whatever is appropriate for your site, vs it being hardcoded to 30 days in XenForo.
• Users can see/manage the...

Read more about this resource...

 

[jessy]

thanks to dear member @roothacker updated [DigitalPoint] Security with a new update entry:

[DigitalPoint] Security

• Update for PHP 8.1
• Enforce requirement that server has OpenSSL PHP extension installed

Read the rest of this update entry...

 

[jessy]

thanks to dear member @roothacker updated [DigitalPoint] Security with a new update entry:

[DigitalPoint] Security

There are no functional changes, just phrasing. If you override the default 30 days to trust a TFA device, the phrase presented to the user when they are choosing to trust their device is fixed to show the right number of days.

Read the rest of this update entry...

 

[jessy]

thanks to dear member @roothacker updated [DigitalPoint] Security with a new update entry:

[DigitalPoint] Security

No functional changes, just the removal of Font Awesome Duotone icon usage

Read the rest of this update entry...

 

[jessy]

thanks to dear member @jessy updated [DigitalPoint] Security with a new update entry:

1.0.2.2

This is purely a cosmetic change that reworks how XenForo presents two-step verification options to users.

Read the rest of this update entry...

 

[jessy]

thanks to dear member @jessy updated [DigitalPoint] Security & Passkeys with a new update entry:

changelog

This is purely a semantic update that renames security key to Passkey for user-facing verbiage.

Passkey is the new term that's going to be used by Apple, Google and Microsoft going forward for what used to be known as security keys or WebAuthn/FIDO2.

The term is also being adopted by Yubikey for their hardware keys.

Read the rest of this update entry...

 

[jessy]

thanks to dear member @jessy updated [DigitalPoint] Security & Passkeys with a new update entry:

1.1.1

• If user has no Passkeys setup yet, the button to manage them is labeled 'Enable' rather than 'Manage'
• Use a more specific selector when enabling/disabling the Submit button on the WebAuthn form
• New option: Options -> User options -> Recommended strong two-step options (defaults to 2)
• The user's two-step page will show a notice about not having enough strong two-step options if they have less than the number set under options (a reminder to users that they should have more...

Read the rest of this update entry...

 

[jessy]

thanks to dear member @jessy updated [DigitalPoint] Security & Passkeys with a new update entry:

changelog

• Checking for PHP version 7.1.0 or higher
• Removed dependency on third-party library to get list of countries for sessions and trusted devices

Read the rest of this update entry...

 

[jessy]

thanks to dear member @jessy updated [DigitalPoint] Security & Passkeys with a new update entry:

changelog

ive the user a better error message if they try to create a Passkey entry without actually registering a Passkey.

Read the rest of this update entry...

 

[jessy]

thanks to dear member @jessy updated [DigitalPoint] Security & Passkeys with a new update entry:

changelog

• Added ability to view and delete remembered sessions in admin area (new Sessions tab when editing a user)
• Fix for PHP warning when on PHP 8 and accessing site through localhost (a test setup)

Read the rest of this update entry...

 

[theresa]

thanks to dear member @theresa updated [DigitalPoint] Security & Passkeys with a new update entry:

changelog

• Fixes an issue where certain (most) security keys couldn't properly authenticate as a two-step verification option.

Read the rest of this update entry...

 

[jessy]

thanks to dear member @jessy updated [DigitalPoint] Security & Passkeys with a new update entry:

changelog

I think this may have been the cause for a couple cases where an invalid Passkey record was saved to a user account. Previously, if an exception happened, it blindly accepted the null Passkey record as the new Passkey. If things went as expected (most cases) it wouldn't matter, but not everything always goes as expected.

• Added dataList-row--noHover class so background color doesn't change when the mouse moves over the table of two-step options a user has
• If an exception...

Read the rest of this update entry...

 

[jessy]

thanks to dear member @jessy updated [DigitalPoint] Security & Passkeys with a new update entry:

changelog

• Entropy for challenge changed from 192-bits to 768-bits
• All JavaScript has been rewritten to be "native" (does not use jQuery) in preparation for removal of jQuery in XenForo 2.3.

If you aren't using XenForo 2.3, you don't need to upgrade (might be some unmeasurable speed increase [think nanoseconds] when running its JavaScript since it doesn't dip into...

Read the rest of this update entry...

 

[jessy]

thanks to dear member @jessy updated [DigitalPoint] Security & Passkeys with a new update entry:

changelog

If you use the Days to auto-extend two-step device trust setting, the addon will always set the tfa_trust cookie when the user_remember record is extended (since we can't see the cookie duration on the server-side). Before we were only setting the cookie if the user_tfa_trusted.trusted_until value changed.

This will make it work as expected even if you had something unrelated (like a different addon) altering the user_tfa_trusted.trusted_until value (where you had a short cookie duration...

Read the rest of this update entry...