Elxis 5.5 Hermes has 2 factor authentication system built-in. Two-factor authentication (2FA), is a security process in which users provide two different authentication factors to verify themselves. The first one is your standard username (or email) and password. The second one is an one time password (OTP) which you must provide in order to login. OTP is a 6-digits random number which is refreshed every time you try to login. Elxis calls this Verification code. The verification code can be send to you either via e-mail, or SMS. Please read this article before you enable 2FA. There some things you need to know.
Enabling 2FA means that even if someone knows your username and password he wont be able to login to your account unless he provides a verification code. This code will be send to you after you provide your username and password. You can configure how you want to receive this code. You have 2 options: e-mail and SMS. If you select SMS and for some reason SMS fails to be send (eg. out of credits), Elxis will send the verification code to your e-mail instead. So, e-mail is used also as a backup dispatch method for SMS.
Before you enable SMS as 2FA dispatch method, make sure all of your users have provided their mobile phone numbers. Mobile phone numbers must be in international format, without spaces or symbols, or leading +. Example for a Greece: 306900100100, Italy: 390610001000, France: 33194009400, Germany: 4930900090000. However even if the format is not correct, don't worry as Elxis will fix it automatically when trying to send the SMS message. An other important factor is that you can use 2FA only in login forms having such functionality. If you try to login from a form that is no 2FA compatible you will never get the verification code and login will fail. All login forms in the default Elxis release are 2FA compatible. These 2FA compatible login forms are the following.
If you use an other template, or you have your site available only for registered users but you use an other than the standard offline exit page, or you use an other administration template, then make sure it supports 2FA authentication. If you enabled 2FA and afterwards you realized that none of your login forms are 2FA compatible you can disable 2FA be editing Elxis configuration file (use Elxis forum for support).
Go to Elxis administration > Settings > tab Users and Registration. Scroll down to Two-Factor authentication section and select E-mail or SMS.
If you selected SMS you have one more thing to do. Go to tab E-mail/SMS and scroll down to SMS options. In order for an SMS message to be send to your mobile phone an account to a third party provider is required. Elxis currently has built-in support for 5 SMS providers you can choose from: Clickatell, Easy SMS, Vonage, Sinch and Instasent. If you need an other provider contact us and we will add it for you on the next Elxis update. Depending on the chosen provider some configuration options must be provided. When ready click Save to save Elxis configuration. After you logout the next time you will have to supply the verification code to login.
First provide your standard Elxis username (or e-mail) and password. Elxis checks it and if it is OK sends you a 6-digit verification code to your e-mail or mobile phone. The login form changes and displays you a text input element to provide the verification code. Type the code you received and click Continue. You have logged-in.
Note that all standard login forms in Elxis 5.5 are AJAX powered. No page refresh is required.