Two-step Verification for IPS Community Suite
The Two-step Verification app adds an extra layer of protection for user accounts on your IPS Community Suite 4.1. This method of user authentication is used by major websites such as Google, Facebook, Twitter, Microsoft and many others.
This method adds a second factor of user authentication, and allows users to access their accounts only if they 1) know their password, and 2) are able to provide a one-time password which is generated every 30 seconds by the Google Authenticator app (available for Android and iOS).
So how does this method work for IPS Community Suite?
After installing the product, you can choose which groups are allowed to use this application. It has two settings per group, one for the front-end and one for the ACP.
Users who have either of the settings enabled will see a red shield logo in the top user navigation bar. It draws their attention and invites them to check the application.
They will also have a link in the user drop-down menu that shows whether the protection is enabled or not.
These two additional links lead to the following page:
Users can use Google Authenticator to scan the barcode and then type the one-time password generated by GA to enable this protection for their accounts. Users who successfully enable the protection will see this screen:
If desired, users can type the one-time password generated by GA to disable the protection.
The user drop-down menu will show the new protection state.
From now on, after every successful login into the IPS Community Suite, the user will be faced with this form in the front-end. The form can't be avoided or averted; a one-time password is strictly required.
Or with this form in the ACP:
Users can choose to trust the device for 30 days, during which they will not be asked to enter the one-time password again. Users can trust the device for the front-end or ACP separately. That means if you choose to trust the device on the front-end, you will still be asked to enter the OTP when you log into the ACP.
Finally, if a user for some reason loses their phone, they can contact you to reset their 2-Step Verification credentials. You can do it in the ACP in one click.
You can also choose to force all admins to enable 2-Step Verification through settings.
If enabled, admins will see this error and they can't do anything in the ACP. The same happens if you choose to enforce through the group setting shown above.
For front-end enforcement, this message will appear. It's not recommended to enforce the usage of 2SV on normal users though.
If for any reason you have lost your mobile phone and can no longer access your IPS Community Suite, the solution is easy. You need to do either of:
1) In your community root folder, find a file called: constants.php
Add this line to the end of it:
2) If the file doesn't exist, then copy the file constants.php to your community root folder.
And your IPS Community Suite will no longer ask you to enter your GA code.
Go to your ACP and reset 2SV credentials for your account.
You can delete the file or the line that you've added after you gain access.
We hope this application will add more security to your website. We recommend that you keep your server up-to-date with software and security fixes. Also make sure to install an SSL certificate; it's easy and free these days.