Features
- Support for WebAuthn / FIDO2 security keys as two-step authentication (hardware devices such as YubiKeys are what large tech companies such as Google require their employees to use to keep their accounts secure).
- Support for multiple keys per user
- Option for Days to trust two-step verification. Now you can set it to whatever is appropriate for your site, vs it being hardcoded to 30 days in XenForo.
- Users can see/manage the...
- Update for PHP 8.1
- Enforce requirement that server has OpenSSL PHP extension installed
There are no functional changes, just phrasing. If you override the default 30 days to trust a TFA device, the phrase presented to the user when they are choosing to trust their device is fixed to show the right number of days.
No functional changes, just the removal of Font Awesome Duotone icon usage
This is purely a cosmetic change that reworks how XenForo presents two-step verification options to users.
This is purely a semantic update that renames security key to Passkey for user-facing verbiage.
Passkey is the new term that's going to be used by Apple, Google and Microsoft going forward for what used to be known as security keys or WebAuthn/FIDO2.
The term is also being adopted by Yubikey for their hardware keys.
- If user has no Passkeys setup yet, the button to manage them is labeled 'Enable' rather than 'Manage'
- Use a more specific selector when enabling/disabling the Submit button on the WebAuthn form
- New option: Options -> User options -> Recommended strong two-step options (defaults to 2)
- The user's two-step page will show a notice about not having enough strong two-step options if they have less than the number set under options (a reminder to users that they should have more...
- Checking for PHP version 7.1.0 or higher
- Removed dependency on third-party library to get list of countries for sessions and trusted devices
ive the user a better error message if they try to create a Passkey entry without actually registering a Passkey.
- Added ability to view and delete remembered sessions in admin area (new Sessions tab when editing a user)
- Fix for PHP warning when on PHP 8 and accessing site through localhost (a test setup)