Two Factor Authentication Topic is solved

Discussion regarding Joomla! 3.x security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Post Reply
davidh221
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Sun Feb 28, 2021 6:57 pm

Two Factor Authentication

Post by davidh221 » Sat Apr 09, 2022 3:05 pm

How do you receive your TFA code if you do not have your mobile phone. Is there an option in the setup for the code to be sent to an email address or landline either instead of a mobile phone or as well as a mobile phone. I am using Joomla 3.10.8

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 41706
Joined: Sat Apr 05, 2008 9:58 pm

Re: Two Factor Authentication

Post by Webdongle » Sat Apr 09, 2022 3:46 pm

Use one of your gmail backup codes?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

User avatar
AMurray
Joomla! Exemplar
Joomla! Exemplar
Posts: 7828
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: Two Factor Authentication

Post by AMurray » Sat Apr 09, 2022 9:17 pm

Yes, you should have seen the one-time use emergency passcodes.
https://docs.joomla.org/J3.x:Two_Factor_Authentication

A bit late to shut the stable door, after the horse has bolted (so to speak), so I don't know what the next step would be.
Regards - A Murray

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 41706
Joined: Sat Apr 05, 2008 9:58 pm

Re: Two Factor Authentication

Post by Webdongle » Sat Apr 09, 2022 9:51 pm

Have you lost your phone permanently or do you just want an alternative to the phone?
If the former then report it stolen, buy another phone and get your network provider to send you a new sim.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

davidh221
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Sun Feb 28, 2021 6:57 pm

Re: Two Factor Authentication

Post by davidh221 » Sat Apr 09, 2022 10:24 pm

No I have not lost my mobile phone, but I do not want to be reliant on one device. I need 24/7 access to my website, in other words around the clock, which is why I need a fall back solution just in case.
I have not set up the TFA yet, just thinking ahead. Because I could not find how the TFA works in detail which is why I am asking before I set it up. The basic process is explained, but not the detail.
I could not find anywhere how you get these codes before I go ahead and implement TFA. How do you get a gmail back up code. Is there anyway of testing the system to see how it works without actually implementing the TFA. I know how the technical engineering side of the mobile system works as I work in that industry for many years.
Thanks.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 41706
Joined: Sat Apr 05, 2008 9:58 pm

Re: Two Factor Authentication

Post by Webdongle » Sat Apr 09, 2022 11:33 pm

davidh221 wrote:
Sat Apr 09, 2022 10:24 pm
... I need 24/7 access to my website, in other words around the clock, which is why I need a fall back solution just in case....
That's what the backup codes are. You can only use each one once but you can generate new ones when you need to.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

User avatar
AMurray
Joomla! Exemplar
Joomla! Exemplar
Posts: 7828
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: Two Factor Authentication

Post by AMurray » Sun Apr 10, 2022 8:05 am

You generate the backup codes, once you have activated 2FA, not before and its advisable to print them and keep them somewhere safe.

You can use the authenticator app or Yubikey in the Joomla default plugin.

An alternative is Akeeba LoginGuard, which has more authenticator methods:
  • Authenticator App
  • YubiKey
  • Webauthn
  • Pushbullet
  • Text Message
  • Email
I believe you can set up more than one of the above methods simultaneously. When logging on, it will list the 2FA methods you activated, you choose whichever one you want to use, it will generate the code, and you input the code from whichever method you've used. e.g. will send you the SMS or email with the code, or use the code generated by the app, etc.
Regards - A Murray

davidh221
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Sun Feb 28, 2021 6:57 pm

Re: Two Factor Authentication

Post by davidh221 » Sun Apr 10, 2022 9:50 am

Thanks A Murray, your suggestion using Akeeba LoginGuard was very useful. Having read through the documentation which goes into a lot of detail left me feeling happier about using a 'Two Step Verification' system.
Thank you again for your time.
Best regards
David.

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 29103
Joined: Mon Oct 27, 2008 9:27 pm
Location: Romerike, Norway

Re: Two Factor Authentication

Post by Per Yngve Berg » Sun Apr 10, 2022 11:52 am

I installed an topp app on my Linux station. It's in the Ubuntu repository.

Exported the Keys from the Google Authenticator and imported. I now have it on two device. Some TOTP providers also provide sync between your devices.


Post Reply

Return to “Security in Joomla! 3.x”