Akeeba LoginGuard

A real Multi-factor Authentication system for Joomla!

What does it do?

Akeeba LoginGuard introduces real Multi-factor Authentication for the Joomla! login.

Joomla's Two Factor Authentication requires you to enter a security code along with your username and password. As a result it is limited to methods which can generate a text code before you log in thus limiting you to Time-based One Type Password (a.k.a. authenticator codes), YubiKey and similar solutions. On top of being restrictive on the type of authentication methods it can also be phishable, i.e. you can be tricked into entering this information on an untrusted page. Furthermore, it only applies when logging in with a Joomla username and password, not when any other login method is used. As a result, Joomla's Two Factor Authentication is insecure and must not be trusted upon to secure your user account.

Multi-factor Authentication is more flexible and offers methods which are phishing-resistant. After logging in with just your username and password — or any other method your site supports — you are asked to proceed with the secondary authentication. For example, providing a code generated by Google Authenticator, using WebAuthn (such as a FIDO2 secure hardware token, Windows Hello, Apple TouchID/FaceID, Android biometric screen lock) and so on. Until you successfully complete the secondary authentication you will not be able to access any pages on the site. You will always be redirected to the "captive login" page. This is very much like what, for example, Google does when you try to login to GMail. Having a captive login allows the use of out-of-band secondary authentication methods such as sending a code by email, push notification or text.

Akeeba LoginGuard is written by the same people who contributed the Two Factor Authentication and WebAuthn Passwordless Authentication in Joomla itself, a company which publishes security-oriented extensions for Joomla!™. Akeeba LoginGuard is distributed free of charge for commercial and non-commercial use; we believe security and privacy are fundamental human rights.

For more information and documentation for administrators, users and developers please consult the documentation Wiki.

Download

Pre-built packages of Akeeba LoginGuard are available through our Downloads page.

Akeeba LoginGuard comes with English (Great Britain) language built-in. We do not offer official translations in any other language nor do we accept pull requests for language files. You are free to provide free of charge translations for your own language, licensed under the GNU GPL v3 license, the same license the original files are licensed under.

Support policy

See our Support resources page and read our Code of Conduct.

Contributing

Please read our Contributing page.

Prerequisites for building the package

If you are NOT a developer we very strongly recommend using the pre-built packages of Akeeba LoginGuard which are available through our Downloads page. If you are NOT a developer you can stop reading now 😉

If you are a PHP software developer who wants to help develop Akeeba LoginGuard you may need to be able to build an installable package from the sources. To do this, you will need to have the following tools:

• A command line environment. Using Bash under Linux / Mac OS X works best. On Windows you will need to run most tools through an elevated privileges (administrator) command prompt on an NTFS filesystem due to the use of symlinks. Press WIN-X and click on "Command Prompt (Admin)" to launch an elevated command prompt.
• A PHP CLI binary in your path
• Command line Git executables
• Phing
• Node.js and NPM for transpiling the JavaScript and ECMAScript files.
• SASS for compiling the SCSS sources into CSS usable by the browser.

You will also need the following path structure inside a folder on your system:

• loginguard This repository
• buildfiles Akeeba Build Tools

You will need to use the exact folder names specified here.

Building a dev release

Go inside the build directory of this repository and run phing git to create a development release. The installable Joomla! ZIP package file is output in the release directory.

Contributing code back to LoginGuard

Please submit a Pull Request on GitHub. We kindly request that you do fill in the information which is present in the Pull Request template displayed on GitHub's user interface when you try to submit your Pull Request. It helps us understand what you are doing and why.

If you have an idea but don't want to waste time implementing it in code until you know that it's likely to be included in the software we kindly ask you to submit a new issue using the Feature Request template. Please do follow the template you see when you try to submit an issue of this type. It will help us understand what you are planning on doing and why.

We would like to kindly ask you to keep in mind that not all feature requests and pull requests will be accepted. In the end of the day we need something which is useful to everyone and doesn't disadvantage a large cohort of our users to the benefit of a smaller one.