Login verification is a highly recommended security feature introduced in Typemill version 2.1.0. It provides a simple and effective method to enhance the security of your Typemill installation and protect against password theft. Activating this feature is straightforward and can be done in just two steps.
- Login Verification
Setup an Email for Notifications
Before activating the login verification, it's crucial to ensure that you have entered a valid email address in the email section of the system settings. Additionally, send a test email to confirm that your email account can receive verification emails successfully. Be aware that some email providers, such as Google Mail, might reject emails from this feature, so it's essential to verify deliverability.
Activate the login verification
To activate login verification, navigate to the "Security" tab in the system settings.
Here's how the feature works:
- After a login attempt, Typemill will display a form for you to enter an authentication code to complete your login.
- Following a successful login attempt (with the correct username and password), Typemill will send a 5-digit authentication code to your registered email address.
- Upon entering the valid authentication code into the form, your login will be completed.
- You can log in without requiring a new verification code for 24 hours.
Good to know:
- If you do not receive the email with the verification code, the login attempt might have used an incorrect password or username. In the worst case, if the credentials were correct but the email was rejected by your email provider, see the troubleshooting chapter below.
- The authentication code is valid for 5 minutes. If you do not complete your login within this time, you will need to start over to receive a new authentication code.
- A successful verification is valid for 24 hours, after which the system will require a new verification code.
- The verification code is only valid for one device. Logging in from another device or browser will necessitate a new verification code.
Typemill stores a simple fingerprint in the user account for each device used for login. These fingerprints are stored as MD5 hashes and include the following information:
Ensure this practice complies with the privacy legislation in your country, considering user consent and transparency.
If you encounter any issues, you may need FTP access to deactivate the verification feature manually:
- Connect to your website via FTP.
- Download the
settings.yamlfile from the "settings" folder.
- Change the line
- Upload the modified
settings.yamlback to your website.
If You Receive an Email Without a Login Attempt
Receiving an email notification without attempting to log in could indicate that your account has been compromised. Immediate actions include:
- Reset your password immediately.
- Inspect for unauthorized changes to your site. Consider a fresh setup of your Typemill installation and check for any malicious code or files in your content, media, or settings files.
- Investigate the breach to understand how your password was compromised and take steps to prevent future incidents.
Implementing login verification is a step forward in securing your Typemill site. Stay vigilant and proactive in enhancing your site's security.