U2F Authentication

Requirements

To function properly, U2F requires HostBill to be served with a valid SSL certificate and accessed with a modern browser.

Overview


The U2F authentication module secures access to the HostBill client and admin areas using U2F keys. U2F (Universal 2nd Factor) is an open authentication standard that strengthens and simplifies two-factor authentication using specialized USB or NFC devices.

Additional module requirements


  1. The module was built and tested using Yubico YubiKeys. Your authentication device needs to support the U2F protocol.
  2. The module requires HostBill to use a valid SSL certificate (HostBill needs to be accessed over the https protocol).

Activating the module


  1. If the plugin is included in your HostBill edition you can download it from your client portal.
  2. If the plugin is not included in your HostBill edition you can purchase it from our marketplace and then download it from the client area.
  3. Once you download the plugin, extract it in the main HostBill directory.
  4. To activate the plugin, go to Settings → Modules → Plugins → Inactive, then find and activate the U2F Authentication (class.u2f_webauthn.php) plugin.

  5. Once the plugin is activated, you will be directed to Settings → Modules → Plugins to configure the module.

Module update

If you are using the old module version, class.u2f_authn.php, make sure to update it by replacing it with the new one, class.u2f_webauthn.php. The old module will soon stop working under modern browsers.

Note: It is not possible to migrate keys created under the old module to the new one. Clients and staff need to re-add them after the update.


Using module - administrators


To start using U2F, you first need to configure your U2F keys. Go to your Admin → My Account page and proceed to Multi-factor auth → Configure, where you can select the U2F authentication module as your multi-factor module.

Once it is enabled, you can manage your U2F keys in the Manage section, where you can see your U2F keys, delete them and add new ones. To add a new U2F key, enter the key name in the `Key name` field and then press the Add button. Next, insert your USB key and, if the key has a button, press it. After these actions, the key will be assigned to you.



From then on, when logging into the administration panel, you will have to authenticate with one of the keys that you previously assigned to yourself.

Using module - clients


Registration and authorization of keys for clients is very similar to the procedure for administrators.

Authorization using U2F keys can be enabled or disabled on the Security → Multi-Factor Auth page.
After enabling it, you can manage your U2F keys in the same section, delete them and add new ones. To add a new U2F key, enter the key name in the `Key name` field and then press the Add button. Next, insert the USB key and, if the key has a button, press it. After these actions, the key will be assigned to your account.

From then on, when you log into the portal, you will have to use one of the created keys.
After you provide your email and password, you will be asked to insert the U2F key. After successful authorization, you will be redirected to the client area.