
Update 2 Step Verification Option

Discussion in 'Forum Announcements & User Feedback' started by Rye83, Feb 9, 2015.

  1. Rye83

    Rye83 with pastrami Admin Secured Account Highly Rated Poster SC Connoisseur Veteran Army

    Messages:
    13,106
    Trophy Points:
    451
    Occupation:
    FIRE
    Location:
    Valencia
    Ratings:
    +16,069 / 3,795
    Blood Type:
    O+
    I am adding a security feature that allows you to use a 2 Step Verification to sign in to the forum. I am doing this mainly to protect my Admin account from any would-be hackers. I will extend the option to regular users in case you would like to use it. You will be able to use Google Authenticator or Yubico YubiKey apps to get your keys. I only use the Google app so I won't be testing it on the Yubico app.

    No action is required if you do not wish to use this feature.

    If you don't know what it is, here is a short description by Google: Google 2-Step Verification

    I'll add a quick guide on how to set it up once I have everything in place.
     
  2. OP
    OP
    Rye83

    Understand that you will need a smart phone/tablet and the Google Authenticator app to set this up (and then be able to log in afterwards). Most users have no real need for this but if you have any sensitive data in your account, in private messages or you just want the extra security then the option is there for you.

    Here is how to set this up (with the Google Authenticator app):

    1. Click your username in the top right and then click "Two-Factor Authentication". This link takes you to the same place: http://www.dumagueteinfo.com/board/account/two-factor

    2. Click "Add New Key".

    3. Enter a description for the key (this can be anything you like).

    4. Scan the QR code using the Google Authenticator application on your phone/tablet.

    5. Type the code provided on your phone/tablet into the box below.

    6. Click "Attach Google Authenticator".

    Everything will be set up now. When you log in again you will be asked for the code generated in the app. (This changes every 60 seconds or so)

    The app looks like this (I have more than one account set up):
    Screenshot_2015-02-09-14-43-42.png
     
  3. MikeB

    MikeB DI Member

    Messages:
    75
    Trophy Points:
    33
    Location:
    Argao
    Ratings:
    +81 / 8
    Hi, I'm failing at step #5. I scan the QR code and add the site and put in the 6 digit code but it says "Failed to validate code". I tried putting in the QR code manually (instead of scanning) and got the same. I'm using GA on Google and LastPass so I know it's working. Any idea what's wrong?
     
  4. OP
    OP
    Rye83

    I'll take a look and see what could be going wrong. But just to be sure:

    Google Authenticator - Android Apps on Google Play

    This is the app you have installed on your phone/tablet? The LastPass app shouldn't have anything to do with setting up G. Authenticator on DI. I just installed it on my phone and computer so I can see if there are any conflicts.
     
  5. MikeB

    Yes, I have the Google Authenticator app. LastPass has nothing to do with this, I only mentioned it because I'm using it on that and Google and it's ok.
     
  6. OP
    OP
    Rye83

    When you scan the QR code with your phone it is setting up the G.A. app with the verification codes for Dumaguete Info? Under the code it should show your user name and then say "Dumaguete Info".

    Have you tried to go to the G.A. "Settings" then "Time correction for codes"?
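
The "Failed to validate code" symptom and the "Time correction for codes" suggestion in the posts above both come down to how time-based codes are checked. As an added example (not part of the thread, and not XenForo's or the add-on's code), this sketch implements RFC 6238 TOTP with the common defaults (HMAC-SHA1, 30-second step, 6 digits) and an assumed acceptance window of one step either side; the secret is the RFC test key and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code: RFC 6238 default
DIGITS = 6

def hotp(key: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def totp(key: bytes, clock: int) -> str:
    """Code an authenticator app shows when its clock reads `clock` (Unix seconds)."""
    return hotp(key, clock // STEP)

def verify(key: bytes, code: str, server_clock: int, window: int = 1):
    """Return the step offset that matched (-window..window), or None on failure."""
    now = server_clock // STEP
    matched = None
    for offset in range(-window, window + 1):
        if now + offset >= 0 and hmac.compare_digest(hotp(key, now + offset), code):
            matched = offset
    return matched

# Constructed sample: the RFC 4226/6238 test secret in the Base32 form a QR code
# or manual-entry field carries. Clock values are the RFC's small test times.
SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
KEY = base64.b32decode(SECRET_B32)
SERVER_CLOCK = 59

def demo():
    """Same secret, same server clock; only the phone's clock differs."""
    results = {}
    for label, skew in (("in sync", 0), ("30 s fast", 30), ("4 min fast", 240)):
        code = totp(KEY, SERVER_CLOCK + skew)
        results[label] = (code, verify(KEY, code, SERVER_CLOCK))
    return results

if __name__ == "__main__":
    for label, (code, offset) in demo().items():
        verdict = "Failed to validate code" if offset is None else f"accepted (step {offset:+d})"
        print(f"phone {label:>10}: {code} -> {verdict}")
```

A phone whose clock is off by more than the window is rejected even though the secret was scanned correctly, which is the case the app's time correction setting addresses.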
     
  7. MikeB

    Yea, when I do that the app stops so there may be a problem there or, more likely, a problem with GA and Android 5.0. I see some workarounds but I'll wait for an update. I don't need it for a forum but I saw it and thought I would try. Works ok on other sites but, unfortunately, not implemented much yet. I guess they have their reason$. Thanks for the help.
     
  8. OP
    OP
    Rye83

    I'm still on KitKat. I have it set up for various sites (Google/Facebook/Dynadot) and I just set it up again on DI without any problems. Not sure if anyone else has set it up on the forum, I've had one person mention it but did not say if he had set it up himself. I'm unsure of what the problem might be at the moment. I've been meaning to update my phone to 5.x but just haven't had the time yet. That might have something to do with it.
     
  9. TheDude

    TheDude DI Forum Patron Highly Rated Poster

    Messages:
    1,907
    Trophy Points:
    351
    Ratings:
    +1,465 / 822
    It would also be good to get an SSL cert so that our passwords would be going over an encrypted wire. Remove the mention of the forum software and add-ons. If a vulnerability pops up for the forum then hackers can do a Google search for that text in your footer to come up with a target list.
     
  10. OP
    OP
    Rye83

    I'm working on the SSL cert.

    I can't remove the forum software footer without paying a branding removal fee (and that's a bit expensive, $250 bucks for Xenforo. Each add-on has their own branding removal fee as well, which is usually around $50 each). XF is pretty strict with their branding, and I have even seen the moderators in their resources forum enforce third party branding as well. To remove all branding from the forum would cost me near 500-700 bucks. Last thing I want is to get blacklisted from future updates. I am quick to install updates as soon as they come out for the forum software and add-ons to avoid the vulnerabilities as much as possible.
     