Two-Factor Authentication module released
Hello, X-Carters!
Great news! I am glad to announce a release of Two-Factor Authentication module. It protects your organization's most valuable assets with the most powerful Two-Factor Authentication system. http://www.x-cart.com/sites/default/files/modules/2Factors_authorization_icon.png The key features are: http://www.x-cart.com/sites/all/themes/xcartcom/images/checkmark.png Increases your store security Even if the username and password is stolen by means of some spyware, the hacker will still have no access to your account, as he also need a token to login. http://www.x-cart.com/sites/all/themes/xcartcom/images/checkmark.png Does not store your accounts credentials Even if Authy server is compromised, the hacker will have no usernames or passwords, as these sensitive details are NOT stored on their side. http://www.x-cart.com/sites/all/themes/xcartcom/images/checkmark.png Supports any cellphone. Free Authy apps are available for iPhone, Android and Blackberry. For other cellphones the token is sent via text-message. Optionally, admin can enable forced SMS, regardless is Authy application is installed or not http://www.x-cart.com/sites/all/themes/xcartcom/images/checkmark.png Free plan is available. Requires an account with Authy. They offer a wide range of plans, from free (1,000 Users, 500 Auths / mo) to enterprise, so you will be able to chose the one that suits you best. Two-Factor Authentication video tutorial Two-Factor Authentication screenshots Two-Factor Authentication manual Compatible versions: 4.1.x or above |
Re: Two-Factor Authentication module released
Quick Start
To enable Authy's two-factor authentication service at your X-Cart store, follow these steps: 1. Sign up for Authy's service at Authy.com 2. If you are going to use a smartphone for authentication, download from the Authy site and install on your phone device the application that will be used to generate security tokens for log-in (To download the app, point the browser on your phone device to www.authy.com/install). Run the application on your phone and complete the steps required to register your phone in Authy's system. Note: Using Authy's downloadable app is completely optional; if you prefer security tokens sent via SMS, you do not have to install anything on your phone - simply skip this step and proceed to Step 3. 3. Activate your Authy account by signing in. Note that to sign in you will be required to enter a security token from your phone. You can enter a token generated by the Authy app on your phone device or request the token to be sent to your cellphone via text-message. After signing in to your Authy account you'll find your API keys for sandbox (use it for testing) and production. Keep these keys private. 4. Install the Two-Factor Authentication module in X-Cart 5. Enable the module in X-Cart's back end and enter your Authy API key in its settings 6. Specify your phone number and country in your profile. Be sure to enter the phone number using the international format: + (plus sign) then country code, then space or dash, then phone number. That is all. Now if you log out and try to log in to the store again, you will notice an extra step added to the authentication process on your site: after entering your regular site login and password you will be required to enter a security token from your mobile phone. |
Re: Two-Factor Authentication module released
Just bought this tonight, looks great!
|
Re: Two-Factor Authentication module released
Quote:
Cool! Appreciate your purchase. Should you encounter any issues or have any questions feel free to contact us. |
Re: Two-Factor Authentication module released
Hi!
Good news! Two-Factor Authentication module is now available for X-Cart 4.0.x versions too! http://www.x-cart.com/extensions/modules/two-factor-auth.html |
Re: Two-Factor Authentication module released
Hi Rocky,
We were able to get this to work months ago but I will note that it was very difficult to get in contact with the company behind the actual service. It took us weeks for them to actually acknowledge our messages.. again this has nothing to do with X-Cart or your company, just an FYI when using Authy as a service :/ Overall we are pleased with the performance of the module, and it was definitely worth the $99 price tag. Thanks, Ryan |
Re: Two-Factor Authentication module released
Quote:
Thank you for your feedback, Ryan! This is actually strange, because Authy was always responsive to my messages. In any case, I will let them know that this issue took place. Just out of curiosity, can you please specify which problems have you encountered? I've registered an account with Authy myself and it went quite smoothly (at least for the free plan) - I registred a new account with them, registered my smart phone (via www.authy.com/install) and then configured it on X-Cart side on the modules configuraton page in admin area (simply filled in the required fields). By the way, do you use SMS or iPhone/Android/Blackberry App? Should you encounter any problems with the module feel free to contact us. |
Re: Two-Factor Authentication module released
Hi Rocky,
I have to second what Tigershark8700 said above, we implemented Authy on another project and getting anything out of them support wise is difficult. (This is why we never implemented on x-cart ) |
Re: Two-Factor Authentication module released
Quote:
I see. I guess I should talk to Daniel (Authy CEO) regarding that. However, I need real cases. So, guys if you face with Authy unresponsiveness, please let me know what the problem is, probably it's not even related to Authy. Otherwise, I'll try to find out why it took them so long to respond. However, it's still not clear to me why do you need their assistance? As I said I've registered with no problems and it had nothing to do with Authy, all went smoothly in automatic mode. Probably, you've tried to implement their API from a scratch? The thing is that it's already integrated in our module. All you need to do is: 1. Install our X-Cart extension as usually 2. Sign up for Authy account 3. Register your phone via www.authy.com/install 4. Configure Two Factor Authentication module in admin area (fill in your account details). That's all. You can try at least. The module is refundable within 30 days, so it's absolutely risk free. |
Re: Two-Factor Authentication module released
in our case, it was an API implementation, but that wasn't where the support issues were.. In a couple of our test users they would go through the motions to get registered and have trouble either with the app on the phone or the registration process (we never did get it sorted out which was which)
The symptom was that Authy would show the "application" registered but it would never appear on the phone itself. |
Re: Two-Factor Authentication module released
Quote:
I've successfully went through the registration process on I guess about 20 phones. When you run www.authy.com/install in your phone browser it automtically suggests you to download an appropriate application, you should just follow the steps. In any case, thank you for your feedback as well. Hope you try this module for X-Cart one day. Should you encounter any problems with registration, please contact me, Alex Diatchkov, directly via HelpDesk and I'll be glad to assist you. |
Re: Two-Factor Authentication module released
Would it not have been easier to use Google Authentication? It's easy to use!
|
Re: Two-Factor Authentication module released
Yeah I actually wondered that too, why wasn't there an effort to implement RFC-4226 so that people could use Google Authenticator (or any RFC compliant HOTP client) rather than make them sign up for a commercial service? Especially when there's libraries like PHPGangsta (https://github.com/PHPGangsta/GoogleAuthenticator) are available.
|
Re: Two-Factor Authentication module released
:)
|
Re: Two-Factor Authentication module released
Thats what we did, we bailed out on Authy for google auth .. when i get round to it we will probably do it for x-cart too.
|
Re: Two-Factor Authentication module released
Authy is a reliable service, easy to plug-in and set up.
exsecror, you speak of it as though there are only commercial plans. One can sign up for the starter (absolutely free) plan and use it, the number of tokens is more than sufficient to protect admin area. In any case, why not add Google Authenticator as a second option so that customers could choose which service to use. Thank you for the suggestion. |
Re: Two-Factor Authentication module released
Quote:
I do apologize if I articulated that as such but I only took a cursory look at the site so I was unaware of the starter plan. I just tend to take a hard line on relying too heavily on outside services because if they go down or something changes you're rather stuck. |
Re: Two-Factor Authentication module released
Two-Factor Authentication for 4.6.1 has been recently uploaded to the File Area. Please feel free to use.
|
Re: Two-Factor Authentication module released
I've actually had a very bad experience with authy so far (not the X-Cart module) but the company itself.. Going through the registration process was a nightmare, and after 3 support tickets, emails and phone calls, still no response.. sigh :/
|
Re: Two-Factor Authentication module released
Same thing we found .. no response from anyone ..
Moved everything to GA .. didn't have to open a ticket yet, rumor has it you won't get a response, but everything worked as advertised so there was no need. Quote:
|
Re: Two-Factor Authentication module released
Quote:
Thanks for letting us know.. I will try for a few more days, but at the moment looks like we spent $99 on this module with the inability to use it due to the Authy Company :( |
Re: Two-Factor Authentication module released
There are errors in the install file x-two-factor-auth.sql...
The international dialing codes for several countries are incorrect. The international dialing code for "AU" (Australia) is 61 (not 672 which is Antarctica!) |
Re: Two-Factor Authentication module released
Quote:
Thanks for reporting the issue. We've found out that the codes for Great Britain and Ireland are also wrong. Please apply the attached patch AFTER installation of the Two-factor authentication module. To do this, open the Patch/Upgrade center and copy-paste the following lines to SQL patch section: Code:
UPDATE `xcart_twofactor_dialing_codes` SET `code` = 61 WHERE `country` = 'AU'; |
All times are GMT -8. The time now is 04:07 PM. |
Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.