{"id":18406103,"url":"https://github.com/nodebb/nodebb-plugin-2factor","last_synced_at":"2025-07-05T19:34:53.510Z","repository":{"id":35530762,"uuid":"39801640","full_name":"NodeBB/nodebb-plugin-2factor","owner":"NodeBB","description":"Two-Factor Authentication for NodeBB","archived":false,"fork":false,"pushed_at":"2025-05-01T14:06:46.000Z","size":1834,"stargazers_count":13,"open_issues_count":5,"forks_count":15,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-05-01T14:44:13.566Z","etag":null,"topics":["hacktoberfest","nodebb","totp"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NodeBB.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-07-27T22:49:02.000Z","updated_at":"2025-05-01T14:06:48.000Z","dependencies_parsed_at":"2024-06-19T22:46:51.242Z","dependency_job_id":"9336fb73-aeb7-4a4e-a250-b65c5724d40d","html_url":"https://github.com/NodeBB/nodebb-plugin-2factor","commit_stats":{"total_commits":255,"total_committers":21,"mean_commits":"12.142857142857142","dds":0.4509803921568627,"last_synced_commit":"023034e7d143e272c38fdabae26ee77f0c1838d7"},"previous_names":["julianlam/nodebb-plugin-2factor"],"tags_count":80,"template":false,"template_full_name":null,"purl":"pkg:github/NodeBB/nodebb-plugin-2factor","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NodeBB%2Fnodebb-plugin-2factor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NodeBB%2Fnodebb-plugin-2factor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NodeBB%2Fnodebb-plugin-2factor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NodeBB%2Fnodebb-plugin-2factor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NodeBB","download_url":"https://codeload.github.com/NodeBB/nodebb-plugin-2factor/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NodeBB%2Fnodebb-plugin-2factor/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263795229,"owners_count":23512649,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","nodebb","totp"],"created_at":"2024-11-06T03:06:53.253Z","updated_at":"2025-07-05T19:34:53.451Z","avatar_url":"https://github.com/NodeBB.png","language":"JavaScript","readme":"# Two-Factor Authentication for NodeBB\n\nIn addition to regular authentication via username/password or SSO, a second layer of security can be configured, permitting access only if:\n\n* A time-based one-time password is supplied, typically generated/stored on a mobile device, or\n* A hardware token is activated, such as a [Yubikey](https://www.yubico.com/) or other similar product\n\nThe Two-Factor Authentication plugin will expose this feature to end-users, allowing them to configure their\ndevices and enabling this enhanced security on their account.\n\n## Version History\n\n* v7.x\n\t* Logged-in users who have not passed the second-factor are now treated as guests. Prior to this, they were considered logged in, but were not able to physically navigate away from the 2FA challenge.\n\t* v7.0.2 to v7.2.2 (inclusive) allowed routes mounted to `/api/v3` to not be protected by this plugin. This allowed automated processes to interact via API with 2FA-protected accounts without being challenged for a second factor. As of v7.3.0, this exception was removed as best-practice for security.\n* v6.x\n\t* NodeBB v3.x compatibility\n* v5.x\n    * Allows for multiple concurrent second factors (e.g. TOTP and WebAuthn).\n\t* The backup code is now considered a second factor, although it is still recommended to be generated when setting up TOTP/Authn\n* v4.x\n\t* NodeBB v2.x compatibility\n* v3.x\n    * Introduces hardware key support via [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn).\n\t* This version is fully backwards compatible with v2.x. The major version bump was merely due to the introduction of the new functionality\n\n## Caveats\n\n* Due to browser limitations, the hardware key _on mobile devices_ (especially Android devices) may not be supported. For more information on which devices are and are not supported, [please consult this chart](https://webauthn.me/browser-support)\n\n## Installation\n\nInstall the plugin via the ACP/Plugins page.\n\n## Screenshots\n\n![Token Generation Step](./screenshots/generate.png)\n\n**Token Generation Step**\n\n![Challenge Step](./screenshots/challenge.png)\n\n**Challenge Step**\n\n## Attributions\n\n![Keeb.it logo](https://user-images.githubusercontent.com/923011/148803741-3b1f58f8-173e-4024-8260-f1b26b259213.png)\n\nThanks to @yLothar and the [KEEB.it](https://keeb.it/) community for sponsoring WebAuthn and hardware key support.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnodebb%2Fnodebb-plugin-2factor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnodebb%2Fnodebb-plugin-2factor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnodebb%2Fnodebb-plugin-2factor/lists"}