Blog / News / Forum: Login with Two Factor Authentication
From now on, the FlatPress support forum supports Two Factor Authentication (2FA). (For more information on what’s 2FA, see below.)
Feel free to secure your account!
Activating it is quite easy: Go to the User Control Panel, tab “Two Factor Authentication”. Select “OTP” and hit “Add new key”.
Your OTP secret and a QR code are being generated. (The QR code basically contains the secret.)
Scan the code with your OTP app or enter the secret manually.
Read the OTP from your OTP app and enter it in the “OTP key” field. Hit “Register new key”, and 2FA is activated for your account! From now on, you’ll need to enter the current OTP code after giving your username and password.
Of course, you can disable 2FA at any time by simply deleting the registered keys.
What is Two Factor Authentication?
Two Factor Authentication (2FA) with Time-based One-Time Passwords (TOTP) is a great way to protect your user accounts on any platform providing it. It basically means you do not only need your username and password to login, but also a 6-digit code freshly generated every 30 seconds e.g. in the OTP app on your mobile device.
So even if your username and password get stolen (via phishing, keylogging, social engineering, … you name it), your account can still not be accessed without knowing the 6-digit OTP code (which changes every 30 seconds).
This massive increase in security comes with a price, though: Without your OTP generator (i.e., the OTP app on your mobile or any other program capable of generating the code), you will be not able to access your account. But fear not, a good OTP implementation will provide you with static backup codes you can use instead. Of course, nobody else than you should ever get those backup codes, so keep them well :)
2FA is a widely spread standard. Some examples: Amazon offers it, PayPal does, GitHub and Twitter as well. My personal recommendation: Try it, get used to using it, and activate it on any platform that provides it.
What’s a good OTP app?
There may be countless TOTP generators out there. My recommendations are:
- The password safe KeePass (great for securely managing many different, unique and safe passwords on Windows, Linux and even mobile platforms!) has the OTP plugin KeeTrayTOTP.
- FreeOTP+ (F-Droid / Google Play Store) is great for Android devices.
- Apple users may want to take a look at FreeOTP.
More questions?
If you have questions regarding 2FA or want to share opinions or recommendations, please feel free to do so on the FlatPress support forum.
All the best,
Arvid
Blog / News / Project interna / Latest development news
Hi folks,
viewed from the outside, it seems rather quiet around the FlatPress project. But just look at the picture to see how hard we’re actually working behind the scenes! ;)
In fact, things are really moving nicely. In total, we have three active development branches:
Main development
In the master branch, we’re working on “normal” features and bugfixes for the next FlatPress version. Talking about the new Gallery captions plugin, improvements of the Leggero theme and many smaller and bigger bugfixes. Oh, and the cool PhotoSwipe plugin made it into the standard FlatPress package!
For all details, see the current change log.
PHP 8.1 compatibility
We need to make FlatPress working with PHP 8.1 properly. This aim contains two main tasks:
- Update the Smarty template engine to its current 4.x version.
This has been done in the Smarty update branch - now we need to make sure everything works fine. If you feel like supporting our project, please help us testing!
- Change all internal date formattings.
With the current “%Y-%m-%d” style of the deprecated strftime() function, FlatPress throws ugly warnings under PHP 8.1. We opened issue 92 for that, the development will take place in the strftime branch.
New Admin Area
Honestly, it’s a shame this gem isn’t part of a final FlatPress version yet. Franah built a completely new Admin Area which brings a new fresh touch to working with FlatPress. Also, it’s reponsive, meaning it adapts to your screen size and works flawlessly even on your mobile gizmo.
If you want to take a look into it, please feel free to get it from the Responsive Admin branch. Of course, it also contains all the bugfixes and features from the master branch.
Share your findings and opinion on the new Admin Area on the support forum.
Be part of the development!
You’re warmly invited to grab FlatPress from the described development branches and test the heck out of it.
Simply follow the link to each branch on GitHub, hit the green “Code” button in the upper right, and select “Download ZIP”. Then just install FlatPress on any web server, e.g. in a subdirectory of your blog site. To get rid of it later again, simply delete this subdirectory :)
Report any bugs and glitches or simply let us know what you think about the new features on the support forum.
Also, follow FlatPress on Mastodon or Twitter to stay in touch with the latest progress of your favourite blogging engine.
For any further questions or suggestions, please drop a line in the comments below.
All the best,
Arvid
Image: “HRA computer lab - ~1983” by Blake Patterson - licensed under CC BY 2.0
Blog / News / log4shell: FlatPress is not affected
You probably heard of the Log4j vulnerability “Log4Shell” which causes trouble for sysadmins and software developers all over the world currently.
Good news is: FlatPress does not utilize Log4j at all, and thus isn’t affected by this problem.
Stay safe out there!
Blog / News / Releases / New release: FlatPress 1.2.1
I just released a bugfix release for FlatPress 1.2 βLegatoβ. It solves issue #82 which may have led to a blank page in the admin area. Thanks for reporting!
As a little bonus, 1.2.1 introduces a Dutch translation by Macmee - hartelijk bedankt!
Please see the changelog for a complete list of changes.
Updating from 1.2 to 1.2.1 is very simple, please see the update instructions on the download page.
All the best,
Arvid
Blog / General / News / FlatPress is now on Mastodon π
You know our Twitter account @FlatPress, right? Well, you might say, “but FlatPress says in its FAQ it wants to make its users independent from such platforms!”. And you’re right!
From now on, you also find the FlatPress project on Mastodon. This is a social network service which works quite similar to Twitter. The main difference is the absence of one single central instance that controls everything. Instead, Mastodon has many independent instances which work together. The FlatPress account resides on the Fosstodon instance.
So if you already have a Mastodon account, feel free to follow @flatpress@fosstodon.org. And if not, why not give it a try?
All the best
Arvid
Original image from the Mastodon press kit.