EE One-Time-Passwords

Developer

JCOGS Design

3rd Party (Commercial)
Minimum EE Version: 6.0
Release Date: Oct 8, 2021

License Agreement

Buy Now!

$35.00
Qty:

EE Version Support

  • ExpressionEngine 6

Compatibility

If an item is crossed out, it might be untested, not applicable or incompatible. Contact the developer to be sure.

  • Updater
  • Multi Site Manager
  • Stand Alone Entry Form
  • Low Variables
  • Content Elements
  • Better Workflow
  • Matrix
  • Grid
  • Webservice
  • Publisher

Requirements

  • jQuery for the Control Panel

Add-On Type(s)

Extension, Module

Tags

A simple to implement Two Factor Authentication (TFA) solution for EE6 sites.

EE OTP modifies the EE log in process to require a user to enter a six-digit “One-Time Password” in addition to their regular log in credentials; the six-digit code is generated algorithmically from a sixteen character key linked to the user’s account.

Use standard authenticator apps

EE OTP implements the IETF RFC4226 standard for OTP codes, which means the required codes can be generated by most standard “Authenticator apps”.

Or send OTP codes by email

EE OTP supports the sending of the OTP code to the member by email. If the user chooses this option the email is sent automatically during the login process.

Coming soon… EE5 support

An EE5 version is planned for release during October 2021.

Coming soon… SMS support

A later version will add support for the sending of a user’s OTP code by SMS (and possibly other messaging platforms).

Easy to configure

EE OTP uses the Member Roles system introduced in EE6 to control which site members have access to OTP, and to set whether access for a role group is optional or mandatory.


Easy Installation

Copy the jcogs_otp folder to your system/user/addons folder and then install from the ExpressionEngine Control Panel Add-ons page.


Configuration options

Enable or disable OTP -  Does what it says on the tin…

Member Role where OTP Use is Required - Choose a member role for which use of OTP will be required. If the members you want to be required to use OTP do not match a current role group perfectly, simply create a new member role and associate them with that new Role.

Member Role where OTP Use is Optional - Choose a member role for which use of OTP will be optional. If the members you want to be required to use OTP do not match a current role group perfectly, simply create a new member role and associate them with that new Role.

Enable sending of OTPs by email -  Does what it says on the tin…

Name of Email Sender - Choose the name for the email sender that will be shown when OTP code email arrives.

Email Address of Email Sender - Choose the sender’s email address for the OTP code email.

Advanced Email Options

Subject line for OTP emails - The subject line of emails sent by EE-OTP always begins with the Site Label followed by whatever text is specified here.  By default this additional text is set to “One-Time Password”.

Email preamble - A paragraph of text that is included in the OTP code email immediately before the line containing the OTP code itself.  By default this left blank.

OTP Code Prefix - Text that will immediately preceed the OTP code in the email.  By default it is set to “Your OTP Code: “.

Email Closing - A paragraph of text that is included in the OTP code email immediately after the line containing the OTP code itself.  By default this left blank.

Change email Reply-To settings

Allows you to specify an email account to which replies to the OTP email should be directed. If this is not specified then most email systems will direct the reply to the email address given for the sender.

Name of Reply-To Account - Choose the name for the email sender that will be shown when OTP code email arrives.

Email Address of Email Sender - Choose the sender’s email address for the OTP code email.


Usage notes

Resetting the OTP Key
Each member is assigned a unique key that is used to generate and validate the OTP codes.  There are three ways in which this code can be reset:

  • If the member’s EE login password is changed for any reason (forced, they request etc.);
  • If the member enters invalid OTP codes more than three times in a row;
  • If the member opts to change the mode of OTP delivery (e.g. from email to authenticator).

Support

Support is available from JCOGS Design via email sent to otp_addon@jcogs.net or via @JCOGS Design the EE Slack discussion area.

 

Hooks Used

If the add-on is an extension, and ties into ExpressionEngine's core files, it will use ExpressionEngine hooks. We are listing any hooks the add-on uses for developers to have an easier time locating other add-ons that they can reference for their own work.

  1. cp_member_login
  2. login_authenticate_start
  3. member_member_login_multi
  4. member_member_login_single
  5. member_member_login_start

This entry was created October 8, 2021, 12:52 pm.
This entry was last updated October 8, 2021, 6:51 pm.

Disclaimer: Information about ExpressionEngine add-ons is provided as a service to you, the user, and every member of the ExpressionEngine community. devot:ee is not responsible if you hose, mangle, wreck, or otherwise destroy your EE website by installing an add-on that you found out about at this site, regardless of its rating, Favorites status, commercial or free status, or general popularity. Caveat EEmptor!

Returns: devot:ee has a 30-day return policy on all commercial add-ons sold through devot-ee.com. If you need to return an add-on, do not go to the developer or the developer's site, but rather visit our returns page at https://devot-ee.com/returns to initiate your return. If you have questions, email support@devot-ee.com.

There are no reviews for this add-on yet.

What are you waiting for? Rate it and review it!