Enhance Your Security! Use Our New Two-Factor-Authentication Plugin

English

Details: Category: Blog; 03 April 2019

4 years ago

2FA is a way to add additional security to your account. It is called "two-factor-authentication" because two verification methods are used to access your account. The first "factor" is your usual password that is standard for any account. The second "factor" is a verification code retrieved from a 2FA application either from your computer or mobile device. For more details about 2FA and its importance, please visit the following article. Set Up 2FA To see it at work, please create a free LimeSurvey account, access your LimeSurvey instance, and activate it from your Plugin Manager: Once enabled, you and your users can activate it from your own personal 2FA settings. To access them, click on the “2-Factor-Settings” menu item located on the top bar and select "2FA-Setting": On the next page, click on “Register 2FA now”: Once done, you will be prompted by the following message box: Select the 2FA authentication method. By default, five different 2FA types are provided: Google Authenticator (default), Authy, YubiKey, Authenticator Plus, Duo, and HDE OTP. Scan the QR-code with your mobile phone. For a list of application recommendations, check this article. Enter the confirmation key displayed in your 2FA application (by default, a six-numeric code). Once done, click on button "Create 2FA binding". To test it, please log out and log in again: Congratulations! You have just enhanced the security of your LimeSurvey instance! Enforce 2FA If you wish to enforce this security measure, go to Plugin Manager, and configure the 2FA system at the global level. The following page will be loaded: Please go to the last option, enable Force 2FA, and save the changes. In this way, your users will be forced to create a 2FA key after their first login. If you have the necessary global permission, you can check under the 2FA administration panel which users are using the 2FA system (see the last column): Deactivate/Reset 2FA To deactivate 2FA authentication, go to your personal 2FA settings and click on "Unset 2FA": Confirm your action to delete the 2FA-token associated to your account. Please note that you will need to re-authenticate again if "Force 2FA" is enabled from the plugin settings. In case you cannot login anymore into your instance and you wish to reset your 2FA settings, contact your LimeSurvey instance super administrator to delete the 2FA-token associated to your account. That way, you will be able to login again into your account and create a new 2FA-token. Try the plugin and let us know what are your thoughts. Join our forum discussion topic! We are looking forward to hearing your feedback! Additional Information Please note that all token authentication systems that provide time based hash tokens work with the plugin. For more details about the plugin, please check this wiki page.

Great news! We developed a Two-Factor-Authentication (2FA) plugin for LimeSurvey. The purpose of this plugin is to enhance the security of your account and collected data. We will cover in this article some basics about the new 2FA plugin and how a super administrator can enforce 2FA for each LimeSurvey user.

2FA is a way to add additional security to your account. It is called "two-factor-authentication" because two verification methods are used to access your account. The first "factor" is your usual password that is standard for any account. The second "factor" is a verification code retrieved from a 2FA application either from your computer or mobile device. For more details about 2FA and its importance, please visit the following article.

Set Up 2FA

To see it at work, please create a free LimeSurvey account, access your LimeSurvey instance, and activate it from your Plugin Manager:

Once enabled, you and your users can activate it from your own personal 2FA settings. To access them, click on the “2-Factor-Settings” menu item located on the top bar and select "2FA-Setting":

On the next page, click on “Register 2FA now”:

Once done, you will be prompted by the following message box:

Select the 2FA authentication method. By default, five different 2FA types are provided: Google Authenticator (default), Authy, YubiKey, Authenticator Plus, Duo, and HDE OTP.
Scan the QR-code with your mobile phone. For a list of application recommendations, check this article.
Enter the confirmation key displayed in your 2FA application (by default, a six-numeric code).

Once done, click on button "Create 2FA binding". To test it, please log out and log in again:

Congratulations! You have just enhanced the security of your LimeSurvey instance!

Enforce 2FA

If you wish to enforce this security measure, go to Plugin Manager, and configure the 2FA system at the global level. The following page will be loaded:

Please go to the last option, enable Force 2FA, and save the changes. In this way, your users will be forced to create a 2FA key after their first login. If you have the necessary global permission, you can check under the 2FA administration panel which users are using the 2FA system (see the last column):

Deactivate/Reset 2FA

To deactivate 2FA authentication, go to your personal 2FA settings and click on "Unset 2FA": Confirm your action to delete the 2FA-token associated to your account. Please note that you will need to re-authenticate again if "Force 2FA" is enabled from the plugin settings. In case you cannot login anymore into your instance and you wish to reset your 2FA settings, contact your LimeSurvey instance super administrator to delete the 2FA-token associated to your account. That way, you will be able to login again into your account and create a new 2FA-token. Try the plugin and let us know what are your thoughts. Join our forum discussion topic! We are looking forward to hearing your feedback!

Additional Information

Please note that all token authentication systems that provide time based hash tokens work with the plugin. For more details about the plugin, please check this wiki page.

In this blog post we’ll have a look at the settings of your LimeSurvey Cloud account. Watch out for our pro tips. Directly after you registered for your (free) LimeSurvey account you can access all your account settings. Here is an overview of the most important settings that help you to optimize your installation and work flows. In LimeSurvey we distinguish between your personal LimeSurvey Cloud account and the actual survey application. This separation helps you to divide everything related to your contract from everything related to your surveys. This is especially helpful when you are not working alone but in a team. Survey Application In the section Survey Application you do not only find the URL to your personal LimeSurvey installation, you can also change the name of the web address that links to your survey here (e.g., survey.limequery.org). Domain names can be changed once a day. However, please do not change them while a survey is online, otherwise the participation links will no longer work. Under survey application you can also reset the password of your main LimeSurvey app user. Pro Tip 1: If you run out of responses ahead of schedule, there is a possibility for early renewal. Just go to Packages and order the response package you need. However, please bear in mind that the additional responses will not be transferred to a new LimeSurvey package. So do not buy additional responses too early. Pro Tip 2: If you want to use your own domain name instead of limequery.com/org/net, you can use domain aliasing and link to your own internet address (subdomain). Thus, the persons invited to your survey know directly from the link that you are the sender. Domain aliasing is available from the LimeSurvey Cloud Expert Package onwards. Community Profile In the profile menu you can also edit your Community Profile. You also find your Community Profile in the profile menu. In this section, you can set up the information displayed when you login to the forum. The forum is a virtual room where users can exchange information or simply talk about LimeSurvey. You can also change your password for the LimeSurvey Cloud under Community Profile. However, please make sure that you do not confuse this password with the admin password for the survey app. The latter can only be changed under Survey Application. Talking about security: We highly recommend that you activate a two factor authentication (2FA) in your community profile settings. Support If you are stuck with LimeSurvey and can’t find the solution to your problem in the forums or in the Frequently Asked Questions section please feel free to contact our Support. Our personal support is for LimeSurvey Cloud users only. Describe your problem as detailed as possible and also add screenshots and information about your operating system or your browser to the support ticket. Our experienced support staff will provide help as soon as reasonably possible. GDPR Agreement Another time saving feature is the possibility to generate a GDPR (General Data Protection Regulation) agreement for compatible data processing with LimeSurvey GmbH. Our contract wizard leads you through the necessary steps and gets you on the safe side. Billing In the Billing section you can update your invoice address, request quotes and view your orders and invoices. Further reading For additional information please refer to our online manual Interested in Part 2? That was the first part in our "Beginners Guide" Series. Check out the other parts for more insight. Part 2 Part 3

General

10 years ago

Your feedback: Plugins for LimeSurvey 2.05

With the LimeSurvey fundraiser concluding successfully we have put alot of time in reworking LimeSurvey to make it suppo ...