This refers to a specific version of an add-on for the XenForo 1 forum software that adds Two-Factor Authentication (2FA) using YubiKey hardware security keys.
How to use YubiKey in XenForo 2:
The correct and secure path is to upgrade your forum to XenForo 2 and utilize its modern, built-in two-factor authentication system, which includes full support for YubiKeys and other security standards.
1. What is this Add-on?
- XenForo 1: The forum software platform (version 1.x series, which is now outdated).
- Two Factor: The category of the add-on, which enhances login security.
- Yubikey: The specific type of 2FA it implements. YubiKeys are physical USB (or NFC) devices that generate one-time passwords.
- Version 1.0.1: The specific version of this add-on. This is an early release and is considered very old.
2. Key Features (What it does)
When this add-on is installed and enabled on a XenForo 1 forum, it allows users (and/or administrators) to:- Register their YubiKey: Link their physical YubiKey to their forum account in the security settings.
- 2FA Challenge: After entering their correct username and password, they will be prompted to press the button on their YubiKey.
- Secure Login: The YubiKey generates a one-time password (OTP) which is sent to the forum. If it matches, access is granted.
3. Important Warnings & Critical Information
Warning #1: XenForo 1 is End-of-Life (EOL)
XenForo 1.x is no longer supported, maintained, or receiving security updates by XenForo Ltd. Running a forum on an EOL platform is a major security risk. It likely has unpatched vulnerabilities that can be exploited.Warning #2: The Add-on is Likely Incompatible and Unsupported
An add-on of version 1.0.1 is ancient. It was almost certainly built for an early version of XenForo 1. It will most likely:- Not work correctly with the final versions of XenForo 1.5.x.
- Cause errors or break parts of your forum.
- Have its own unpatched security vulnerabilities.
- Have no available support from the original developer.
4. The Modern Solution: Upgrading
The only recommended course of action is to upgrade your entire forum.- Upgrade to XenForo 2: Purchase a XenForo 2 license and migrate your forum from XF1 to XF2. This is a standard process with official importers.
- Use Native Yubikey/2FA in XenForo 2: The excellent news is that XenForo 2 has built-in, robust Two-Factor Authentication support, including YubiKey (OATH).
How to use YubiKey in XenForo 2:
- Go to your account -> Security & privacy -> Two-step verification.
- You can set up multiple methods: Authenticator app (TOTP), Email, and Security keys (which includes FIDO2 and YubiKey OTP).
- Users can register their YubiKeys here seamlessly.
5. If You Insist on Using XF1 and this Add-on
This is highly discouraged for production sites. Only consider this for a test/development environment.- Source the File: You would need to find the YubikeyTwoFactor-1.0.1.zip (or similar) file. It's no longer available on official channels, so you'd be relying on third-party archives, which is a security risk in itself.
- Installation:
- Log in to your XenForo 1 Admin Control Panel (ACP).
- Go to Add-ons -> Install Add-on.
- Upload the ZIP file.
- Configuration:
- After installation, go to Options -> Options -> Yubikey Two Factor.
- You will need a Client ID and a Secret Key from the Yubico API. This is required for the add-on to validate the OTPs with Yubico's servers.
- Configure which user groups are required or allowed to use it.
Conclusion
Do not use "Yubikey Two Factor 1.0.1" on a live XenForo 1 forum. The combination of an outdated forum platform and an outdated security add-on creates an extremely vulnerable system.The correct and secure path is to upgrade your forum to XenForo 2 and utilize its modern, built-in two-factor authentication system, which includes full support for YubiKeys and other security standards.