Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Welcome to Akeeba LoginGuard
A real Two Step Verification system for Joomla!
What does it do?
This solution adds a Two Step Verification for Joomla! login. After logging in with just your name and password you are asked to provide your second step verification, e.g. a code generated by Google Authenticator. Until you provide a correct second step verification you will not be able to access any pages on the site. You will always be redirected to the "captive login" page. This is very much like what Google does when you try to login to GMail.
This is not the same as two factor authentication which is already implemented in Joomla. Two Factor Authentication requires the second authentication factor (e.g, the code generated by Google Authenticator) to be entered together with the username and password.
The advantages of Two Step Verification over two factor authentication are:
- Less confusing for the user. There is no longer a need for the "Secret Key" field which confuses users.
- It can work with non-password login methods such as social login (e.g. Facebook), secure hardware token, SSO (single signon) etc.
- Improved discoverability. Upon logging in you are asked to enable Two Step Verification on your account (this behavior is configurable).
- Better access control. You can use the Access controls in the Joomla! plugin setup page to determine which user groups can use each verification method.
- Alternative authentication methods in a single account. You can have several authentication methods on your account. For example you may set up a Google Authenticator app and a YubiKey.
- Supports methods which do not require entering a code. For example U2F dongles, biometric verification etc. These need to interact with the browser and/or the operating system through native HTML5 APIs.
- Supports methods which require user interaction. For example sending a code via push message, SMS or email. These methods require knowing which user is being authenticated before pushing the authentication code to the user.
We recommend reading the following pages in order:
Found a bug?
Please check out the existing issues. If nobody else has already reported it and you are certain it is a bug feel free to file an issue. The issue template will guide you in providing the necessary information to submit a useful issue report.
We kindly request that you do not file GitHub issues for generic support requests, off-topic questions or vague issues which require a psychic to decipher. Those issues will be closed and most likely locked without a response.
Have a suggestion?
If you have a suggestion for a feature which would benefit everyone file an issue and make your case about the feature you have in mind. Better yet, send in a PR with its implementation.
If you have a suggestion about something which would benefit only you / your organization / a very limited number of people please get in touch with us through our site's Contact Us page. If it's an interesting project we may consider it. We have very limited time so we apologize in advance if we have to turn down your project.
If you want to build the packages yourself please consult the Building the packages page.