[nodebb-plugin-2factor] Two-Factor Authentication

NodeBB Plugins
  • In addition to regular authentication via username/password or SSO, a second layer of security can be configured, permitting access only if a time-based one-time password is supplied, typically generated/stored on a mobile device.

    The Two-Factor Authentication plugin will expose this feature to end-users, allowing them to configure their
    devices and enabling this enhanced security on their account.


    • Requires NodeBB v0.7.2 or newer.


    Install the plugin via the ACP/Plugins page.


    Token Generation Step

    Token Generation Step

    Challenge Step

    Challenge Step



    • Added the ability to disassociate user tokens via the ACP page (in case users get locked out)


    • Bug: Fixed the browser title on the TFA settings page
    • Bug: Fixed issue where hitting enter while keying in the validation code would abort the process
  • Very nice! Works fine.

  • Good to hear it @revunix ๐Ÿ˜„

    I hope to add support for reset keys and ACP deactivation, as currently, if you lose your device, you won't be able to bypass ๐Ÿ˜ฆ

  • @julian I recently had my phone smashed by a drunk friend (I could just make out the numbers on a flickering screen) and discovered how terrible the "reset code" or "add code to another device" situation is with a new phone on sooo many websites where I had 2FA, even if you can get in with your current one.

  • @drew Indeed, I don't know how many support tickets I will need to make for all the sites where I use 2 factor auth, 3 Google accounts, Steam, Cloudflare and much more...

    Anyways 2FA looks nice.

  • Published an update. (Changelog in OP)

    @drew @kowlin At least now the administrator can reset TFA keys, although getting in touch with the admin is another matter altogether ๐Ÿ˜†

  • Are backup codes supported now btw? I see a closed GitHub issue for them, which suggests they are.

  • @LB Yep, they are, although they are generated only when you start the 2FA setup process, so you will want to disable 2FA, trash your record, and re-generate one. The backup codes will be displayed a single time for you to record.

  • When I scan this with Authy or Google Authenticator it says "QR code is invalid" no matter how many times I create a new one. Is there a fix?

  • @cookieman768 The same situation(((

  • Plug-ins no longer work with the version ยซ1.7.5ยป.

  • @ilya Can you elaborate on what doesn't work? Saying "no longer work" doesn't help narrow down any problems.

  • @julian The problem was solved with FreeOTP Authenticator (Android).

  • @ilya This plugin no longer works with 1.17. Error below

    2021-04-23T13:18:12.371Z [4567/469428] - error: uncaughtException: Failed to lookup view "admin/dashboard" in views directory "/home/phenomlab/nodebb/build/public/templates"
    Error: Failed to lookup view "admin/dashboard" in views directory "/home/phenomlab/nodebb/build/public/templates"
        at Function.render (/home/phenomlab/nodebb/node_modules/express/lib/application.js:580:17)
        at ServerResponse.render (/home/phenomlab/nodebb/node_modules/express/lib/response.js:1012:7)
        at /home/phenomlab/nodebb/src/middleware/render.js:89:11
        at new Promise (<anonymous>)
        at renderContent (/home/phenomlab/nodebb/src/middleware/render.js:88:10)
        at ServerResponse.renderOverride [as render] (/home/phenomlab/nodebb/src/middleware/render.js:64:14)
        at processTicksAndRejections (node:internal/process/task_queues:96:5) {"error":{"view":{"defaultEngine":"tpl","ext":".tpl","name":"admin/dashboard","root":"/home/phenomlab/nodebb/build/public/templates"}},"stack":"Error: Failed to lookup view \"admin/dashboard\" in views directory \"/home/phenomlab/nodebb/build/public/templates\"\n    at Function.render (/home/phenomlab/nodebb/node_modules/express/lib/application.js:580:17)\n    at ServerResponse.render (/home/phenomlab/nodebb/node_modules/express/lib/response.js:1012:7)\n    at /home/phenomlab/nodebb/src/middleware/render.js:89:11\n    at new Promise (<anonymous>)\n    at renderContent (/home/phenomlab/nodebb/src/middleware/render.js:88:10)\n    at ServerResponse.renderOverride [as render] (/home/phenomlab/nodebb/src/middleware/render.js:64:14)\n    at processTicksAndRejections (node:internal/process/task_queues:96:5)","exception":true,"date":"Fri Apr 23 2021 14:18:12 GMT+0100 (British Summer Time)","process":{"pid":469428,"uid":1000,"gid":1000,"cwd":"/home/phenomlab/nodebb","execPath":"/usr/bin/node","version":"v16.0.0","argv":["/usr/bin/node","/home/phenomlab/nodebb/app.js"],"memoryUsage":{"rss":294481920,"heapTotal":195198976,"heapUsed":164432120,"external":74292726,"arrayBuffers":70953438}},"os":{"loadavg":[1.23,1.17,0.8],"uptime":340350.31},"trace":[{"column":17,"file":"/home/phenomlab/nodebb/node_modules/express/lib/application.js","function":"Function.render","line":580,"method":"render","native":false},{"column":7,"file":"/home/phenomlab/nodebb/node_modules/express/lib/response.js","function":"ServerResponse.render","line":1012,"method":"render","native":false},{"column":11,"file":"/home/phenomlab/nodebb/src/middleware/render.js","function":null,"line":89,"method":null,"native":false},{"column":null,"file":null,"function":"new Promise","line":null,"method":null,"native":false},{"column":10,"file":"/home/phenomlab/nodebb/src/middleware/render.js","function":"renderContent","line":88,"method":null,"native":false},{"column":14,"file":"/home/phenomlab/nodebb/src/middleware/render.js","function":"ServerResponse.renderOverride [as render]","line":64,"method":"renderOverride [as render]","native":false},{"column":5,"file":"node:internal/process/task_queues","function":"processTicksAndRejections","line":96,"method":null,"native":false}]}
    2021-04-23T13:18:12.371Z [4567/469428] - error: Error: Failed to lookup view "admin/dashboard" in views directory "/home/phenomlab/nodebb/build/public/templates"
        at Function.render (/home/phenomlab/nodebb/node_modules/express/lib/application.js:580:17)
        at ServerResponse.render (/home/phenomlab/nodebb/node_modules/express/lib/response.js:1012:7)
        at /home/phenomlab/nodebb/src/middleware/render.js:89:11
        at new Promise (<anonymous>)
        at renderContent (/home/phenomlab/nodebb/src/middleware/render.js:88:10)
        at ServerResponse.renderOverride [as render] (/home/phenomlab/nodebb/src/middleware/render.js:64:14)
        at processTicksAndRejections (node:internal/process/task_queues:96:5)
  • I've just seen an update for this plugin. Is it compatible now ? ๐Ÿค”

  • v5.0.0 of the 2factor authentication plugin has been published. It now allows for concurrent second factors, so you can have both a hardware key and an authenticator app in use at the same time.

    When challenged, you can use either option to verify your identity.

Suggested Topics

  • 0 Votes
    1 Posts

    Hi All,
    I'm a newbie in nodebb. I'm not understand the layout logic nodebb in nodebb.
    Actually I have a two feature need to change the template.

    I would like to update active user widget: I need to add username under the avator box. I would like to update the perrmission from nodebb-plugin-calendar: only admin can see the event response.

    I found the template in the plugins folder and change the template tpl code. And also re-build the nodebb. However the layout a still not updated. May I know what is the correct method to make a small changes in nodebb and how to update the template layout ?

    Thanks so much.

    Nodebb version : 1.17.0

  • 0 Votes
    1 Posts

    I'm hoping to pull In some YouTube videos that will embed into the post, so pull in the YouTube category feed automatically.

    Currently getting a 'Status 404 error' when inputting the feed URL, any ideas?

    I have posted this is the actual plugin thread but without any response so far. Has anyone managed to pull in and embed YouTube videos direct into the posts?

    Thanks ๐Ÿ‘

  • 0 Votes
    6 Posts
  • 17 Votes
    168 Posts
    Version 7.0.0 is available

    Hello all. With the help from @julian there is a new version available that is compatible with v2.2.x.

    @Andrea-0 try latest version of the plugin, v7. It should work now and be fully compatible with v2.2.x

  • Joomla and NodeBB SSO

    NodeBB Plugins
    0 Votes
    1 Posts

    I need a Joomla SSO stat. Anyone think they'd be able to tackle this project with me?