In addition to regular authentication via username/password or SSO, a second layer of security can be configured, permitting access only if a time-based one-time password is supplied, typically generated/stored on a mobile device.

The Two-Factor Authentication plugin will expose this feature to end-users, allowing them to configure their
devices and enabling this enhanced security on their account.

Requirements

• Requires NodeBB v0.7.2 or newer.

Installation

Install the plugin via the ACP/Plugins page.

Screenshots

Token Generation Step

Challenge Step

Changelog

v1.0.2

• Added the ability to disassociate user tokens via the ACP page (in case users get locked out)

v1.0.3

• Bug: Fixed the browser title on the TFA settings page
• Bug: Fixed issue where hitting enter while keying in the validation code would abort the process

In addition to regular authentication via username/password or SSO, a second layer of security can be configured, permitting access only if a time-based one-time password is supplied, typically generated/stored on a mobile device.

The Two-Factor Authentication plugin will expose this feature to end-users, allowing them to configure their
devices and enabling this enhanced security on their account.

Requirements

• Requires NodeBB v0.7.2 or newer.

Installation

Install the plugin via the ACP/Plugins page.

Screenshots

Token Generation Step

Challenge Step

Changelog

v1.0.2

• Added the ability to disassociate user tokens via the ACP page (in case users get locked out)

v1.0.3

• Bug: Fixed the browser title on the TFA settings page
• Bug: Fixed issue where hitting enter while keying in the validation code would abort the process

In addition to regular authentication via username/password or SSO, a second layer of security can be configured, permitting access only if a time-based one-time password is supplied, typically generated/stored on a mobile device.

The Two-Factor Authentication plugin will expose this feature to end-users, allowing them to configure their
devices and enabling this enhanced security on their account.

Requirements

• Requires NodeBB v0.7.2 or newer.

Installation

Install the plugin via the ACP/Plugins page.

Screenshots

Token Generation Step

Challenge Step

Changelog

v1.0.2

• Added the ability to disassociate user tokens via the ACP page (in case users get locked out)

v1.0.3

• Bug: Fixed the browser title on the TFA settings page
• Bug: Fixed issue where hitting enter while keying in the validation code would abort the process

In addition to regular authentication via username/password or SSO, a second layer of security can be configured, permitting access only if a time-based one-time password is supplied, typically generated/stored on a mobile device.

The Two-Factor Authentication plugin will expose this feature to end-users, allowing them to configure their
devices and enabling this enhanced security on their account.

Requirements

• Requires NodeBB v0.7.2 or newer.

Installation

Install the plugin via the ACP/Plugins page.

Screenshots

Token Generation Step

Challenge Step

Changelog

v1.0.2

• Added the ability to disassociate user tokens via the ACP page (in case users get locked out)

v1.0.3

• Bug: Fixed the browser title on the TFA settings page
• Bug: Fixed issue where hitting enter while keying in the validation code would abort the process

Is it possible to have 2fa by email?

@darkpollo that I my view defeats in entire purpose of 2fa. If your email was hacked, they'd also have the two factor which is what your are looking to secure in the first place.