Introduction

Authentication, Login protection

A real Two Step Verification system for Joomla!


Joomla 4.2 and later versions

Joomla 4.2 or later includes a new Multi-factor Authentication (MFA) feature. This feature was contributed by our lead developer and is essentially Akeeba LoginGuard 6, adapted to be a core feature of Joomla's users component instead of a separate extension.

Akeeba LoginGuard 7 is simply a collection of authentication plugins which could not be included with Joomla itself as they rely on third party services, something not allowed for Joomla core code:
* Code by SMSAPI. Uses the third party SMSAPI service to send six-digit verification codes to your users' phones.
* Code by PushBullet. Uses the third party PushBullet service to send six-digit verification codes to your users' smartphones and Chromium-based desktop browsers.

Furthermore, installing LoginGuard 7 will automatically migrate all your Akeeba LoginGuard second verification step entries into native Joomla Multi-factor Authentication entries, it will publish the right Joomla MFA plugins, and disable LoginGuard's plugins — in other words, it will automatically migrate from Akeeba LoginGuard to Joomla MFA for you.

We'd like to thank everyone who has used LoginGuard between 2016 and 2022. Your encouragement and feedback helped us develop a robust multi-factor authentication solution for Joomla which can now be enjoyed by every Joomla user!

For older versions of Joomla (3.10, 4.0, and 4.1)

Security experts agree that the first step to securing your site against unauthorized access is using a second step during the login process. Joomla 3.2 and later offer Two Factor Authentication which requires you to enter a security code along with your password to log into your site. However, Two Factor Authentication is susceptible to spoofing attacks. Moreover it does not let you use any second factor which is not a text code known to you before you login.

The solution to that is Two Step Verification. You login with just your username and password. However, at this point, you have a "captive login" and you cannot use the site unless you provide your second authentication factor. This could be a text code generated by Google Authenticator like what Joomla already allows, or something impossible to use with core Joomla such as a text code sent to you by SMS or push notification or even a secure hardware token following the FIDO U2F (Universal Second Factor) standard. After providing and validating the second factor your login becomes full features and you can use the site. This is very much like what Google does when you try to login to GMail; or what happens when you log into GitHub; or how Apple handles login to iCloud.

You can easily set up which user groups are required to set up Two Step Verification and which user groups should not have that option. Users can enrol themselves to Two Step Verification or opt out of it (unless their user group requires it to be set up).

Akeeba LoginGuard currently supports the following second factors:
* Web Authentication (WebAuthn), the W3C standard for multi-factor authentication
* Authenticator App (Google Authenticator, Authy, 1Password etc)
* YubiKey
* U2F (any USB or NFC token following the U2F protocol will do, including the cheap Amazon ones)
* PushBullet (only with a paid PushBullet account)
* SMS Text Message (you need a paid subscription to the supported SMS service; read the documentation)
* Email
* Fixed Code (ONLY FOR DEMONSTRATION - this is the same as using a password; don't use on production sites)

This extension is brought to you by the same person who contributed the code to Joomla's Two Factor Authentication and Web Authentication features. It is what I wanted to contribute to Joomla but couldn't due to several factors outside my control at the time. Akeeba LoginGuard is currently used on hundreds of sites by a combined user base in the hundreds of thousands.

We have two version families currently supported: Akeeba LoginGuard 5 for Joomla 3 supported until August 17th 2023 and Akeeba LoginGuard 6 for Joomla 4 supported until October 17th 2022.

End of Life Notices for previous versions

Akeeba LoginGuard 6 for Joomla 4.0 and 4.1 is End of Life since October 17th, 2022, two months after Joomla 4.2.0 with the new Multi-factor Authentication feature was released.

Akeeba LoginGuard 5 for Joomla 3.10 is currently in security maintenance (only security issues, if any are found, will be fixed) and will become End of Life on August 17th, 2023 when Joomla 3 itself becomes End of Life.

Akeeba LoginGuard versions 1 to 4 are End of Life. They are no longer developed or maintained.

Functionality
Great , i use email + google authentication
Ease of use
Very easy
Support
Very good
Documentation
Very good
I used this to: we are company selling joomla extensions , and we want to secure our joomla users more.
Functionality
With this extension, you can have a Two Step Verification with many systems :
YubiKey, Authenticator App, U2F, Pushbullet, SMS Text Message.
Ease of use
Simple
Support
Support for this extension never used, Never used but the Akeeba site have a very good support for my other akeeba extensions.
Documentation
Ok
I used this to: My site.
I prefer to use The Yukey extension because i can choose between "front only", "backend only" or Both for The "site section" parameter.
Akeeba Backup
Free

Akeeba Backup

By Akeeba Ltd
Site Security
Akeeba Backup Core is the most widely used open-source backup component for the Joomla! CMS. Its mission is simple: create a site backup that can be restored on any Joomla!-capable server, making it ideal not only for backups but also for site transfers or even deploying sites to your clients' servers. Akeeba Backup creates a full backup of your site in a single archive. The archive contains all t...
Admin Tools
Free

Admin Tools

By Akeeba Ltd
Site Security
Admin Tools is a true Swiss Army knife for your site. Our freely available Admin Tools Core fix your files' and directories' permissions, protect your administrator directory with a password, migrate links pointing to your old domain on-the-fly and perform database maintenance, all with a single click. We have two currently maintained version families. Admin Tools 7: Joomla 4, PHP 7.2 or later. A...
Admin Tools Professional
Paid download

Admin Tools Professional

By Akeeba Ltd
Site Security
Admin Tools Professional is a comprehensive security enhancing component and site administration toolkit for your Joomla!™ site. We were the first component to offer a triple layer of security for your site: active server security with our .htaccess, NginX Conf and Web.Config Maker; active application security with our Web Application Firewall; passive security with our PHP File Change Scanner w...
Akeeba SocialLogin
Free

Akeeba SocialLogin

By Akeeba Ltd
Site Access
Allow your users to log in with their social media profile (Facebook, Twitter etc) or account (GitHub, Google, Microsoft). Your users can login or create a new user account to your site using their social media profile (Facebook, Twitter etc) or account (GitHub, Google, Microsoft). For example, someone can create a user account on your site using their Facebook login, without going through Jooml...
Akeeba Engage
Free

Akeeba Engage

By Akeeba Ltd
Articles comments
Free of charge solution for comments in Joomla™ core content (articles). Full HTML editor, fast, secure. Nested, full HTML comments. Comments can be nested (up to 6 levels deep). Your site’s visitors enter comments using Joomla’s configured WYSIWYG editor; no more typing in raw HTML / bbCode / Markdown or using awkward editors which look out of place. All comments are stored in your site’...
Akeeba Ticket System Core
Free

Akeeba Ticket System Core

By Akeeba Ltd
Help Desk
A simple, powerful helpdesk component for Joomla!. Users can be given permissions to create support tickets in one or more support categories. Only the person who filed the ticket called the owner and specifically authorised users called the support staff (or “managers”) can reply to them. This is unlike a forum where anyone can reply. Support tickets can be private or public. Private ticket...
Akeeba Ticket System Professional
Paid download

Akeeba Ticket System Professional

By Akeeba Ltd
Help Desk
A simple, powerful helpdesk component for Joomla!. Users can be given permissions to create support tickets in one or more support categories. Only the person who filed the ticket called the owner and specifically authorised users called the support staff (or “managers”) can reply to them. This is unlike a forum where anyone can reply. Support tickets can be private or public. Private ticket...
SkeletonKey
Free

SkeletonKey

By Akeeba Ltd
User Management
Allows Joomla!™ administrators to log in as any other user. Sometimes users report issues on your site which at first glance don't make sense. Troubleshooting them requires having access to their user account on your site. For example, reported issues with discount coupon codes in e-commerce sites, or users not seeing modules / menu items which according to their user groups they should be seei...
Akeeba DataCompliance
Free

Akeeba DataCompliance

By Akeeba Ltd
Site management tools
A simple tool to facilitate GDPR conformance of your Joomla! sites The component allows the site's visitors to: give or revoke their consent for personal data processing (and prevent the user from using the site if they have not provided consent). export all data we have on them to a commonly machine-readable format (XML). exercise their right to be forgotten (account removal) with a concrete a...
Amazon S3 Filesystem
Free

Amazon S3 Filesystem

By Akeeba Ltd
File Management
Integrate Amazon S3, CloudFront and Amazon S3–compatible storage with Joomla!'s Media Manager. This plugin allows you to save your media files to Amazon S3 and third party storage services compatible with the Amazon S3 API (with S3 signatures version 2 or 4). You can optionally use this plugin with Amazon S3 buckets serving as origins for an Amazon CloudFront distribution. In this case the URL...

Akeeba LoginGuard

Version:
7.0.0
Developer:
Akeeba Ltd
Last updated:
Dec 03 2022
3 months ago
Date added:
Mar 06 2018
License:
GPLv2 or later
Type:
Free download
Includes:
c p
Compatibility:
J3 J4
Download

Uses Joomla! Update System

Score:


Write a review