New security and authentication options for Laravel: 2FA, Known Devices, Recovery Codes, Google Authenticator, TOTP, Password Strength, Blacklisting, SMS, reCAPTCHA, Phone Verification, Quick Register, Restricted Areas, Throttling, and much more...
Laravel Definitive Security Framework is a Laravel package, ready to add with Composer to your existing or new Laravel app.
It also ships pre-installed in a full Laravel app that demonstrates all of its functions, as you can see in the Live
Everything is easily customizable through more than 50 configuration variables.
All controllers use a trait, so you can easily override any method.
Non-invasive: all files stay in their respective vendor folder.
Login with either field: email or username.
Two Factor Authentication
After login the user is asked for a secondary code; there are 3 techniques:
A code is sent via text message (SMS) to the user's cell phone.
A code is sent via phone call to the user's cell phone or landline.
Using a QR code and an app like Google Authenticator, the user obtains a time-based code (TOTP).
The TOTP option is very easy, fast and free: no call or message has to be sent at all.
Codes expire after the configured time.
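To make the TOTP option concrete (enrolment via QR code, codes that expire, and the clock-drift window a verifier has to allow), here is an added example of RFC 4226/6238 HOTP/TOTP in plain PHP. It is not code from the Laravel Definitive Security Framework, whose own API is not shown on this page; the secret, the one-step drift window and the `lastUsedStep` bookkeeping are assumptions for illustration.

```php
<?php
// Added example: RFC 4226/6238 HOTP/TOTP in plain PHP. Not the package's own code;
// the secret, window size and last-used-step bookkeeping are assumptions.
declare(strict_types=1);

/** Decode RFC 4648 base32 (the alphabet used in the otpauth:// payload behind the QR code). */
function base32Decode(string $b32): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $c) {
        $v = strpos($alphabet, $c);
        if ($v === false) {
            throw new InvalidArgumentException("invalid base32 character: $c");
        }
        $bits .= str_pad(decbin($v), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) {            // drop trailing padding bits
            $out .= chr(bindec($byte));
        }
    }
    return $out;
}

/** HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation. */
function hotp(string $secret, int $counter, int $digits = 6): string
{
    $hash = hash_hmac('sha1', pack('J', $counter), $secret, true);
    $offset = ord($hash[19]) & 0x0f;
    $binary = ((ord($hash[$offset]) & 0x7f) << 24)
            | (ord($hash[$offset + 1]) << 16)
            | (ord($hash[$offset + 2]) << 8)
            | ord($hash[$offset + 3]);
    return str_pad((string) ($binary % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

/** TOTP: HOTP with the counter derived from Unix time in $period-second steps. */
function totp(string $secret, int $timestamp, int $period = 30, int $digits = 6): string
{
    return hotp($secret, intdiv($timestamp, $period), $digits);
}

/**
 * Verify a submitted code. Up to $window steps of clock drift are tolerated on each
 * side, so a code is usable for roughly (2*$window+1)*$period seconds and then expires.
 * $lastUsedStep is the step of the last accepted code for this user (persisted next to
 * the secret); refusing anything at or below it makes each code single-use even while
 * it is still inside the drift window. Returns the accepted step, or null.
 */
function verifyTotp(string $secret, string $submitted, int $now, ?int $lastUsedStep,
                    int $window = 1, int $period = 30): ?int
{
    if (!preg_match('/^\d{6}$/', $submitted)) {
        return null;
    }
    $step = intdiv($now, $period);
    for ($d = -$window; $d <= $window; $d++) {
        $candidate = $step + $d;
        if ($lastUsedStep !== null && $candidate <= $lastUsedStep) {
            continue;                          // replay of an already consumed step
        }
        if (hash_equals(hotp($secret, $candidate), $submitted)) {
            return $candidate;
        }
    }
    return null;
}

// Demo using the RFC 6238 Appendix B test key "12345678901234567890" in base32.
$secret = base32Decode('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ');
$now = 59;                                                   // falls in step 1
echo totp($secret, $now), "\n";                              // 287082 (RFC vector 94287082, last 6 digits)
var_dump(verifyTotp($secret, '287082', $now, null));         // int(1): accepted, persist 1 as last step
var_dump(verifyTotp($secret, '287082', $now, 1));            // NULL:   the same code again is rejected
var_dump(verifyTotp($secret, '287082', $now + 30, null));    // int(1): one step of drift tolerated
var_dump(verifyTotp($secret, '287082', $now + 90, null));    // NULL:   expired (step 4, window stops at 3)
```

Two points worth noticing when evaluating any TOTP implementation: the comparison uses `hash_equals` rather than `==`, and the shared secret has to be stored encrypted, not hashed, because the server needs the plaintext to recompute the code on every login. The hashed-or-encrypted distinction in this package's feature list reflects exactly that difference between one-way credentials (passwords, recovery codes) and secrets that must be recoverable (TOTP seeds).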
2FA is only required when logging in from a new device.
After a successful login, the new device is added to the list of "Known Devices".
The user can manage their Known Devices.
The app also generates "one time use" recovery codes:
If the user loses their cell phone, for example, they can log in with one of these codes and change their telephone number.
The administrator may also have their own set of codes for each user.
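The properties a practitioner cares about in recovery codes are that each one works exactly once and that the database holds only hashes, so a leaked users table does not hand out 2FA bypasses. The following is an added example of that scheme in plain PHP, not the package's own code; the code format (16 hex characters in groups of four), the default count of 8 and the use of bcrypt are assumptions for illustration. An administrator's set, as the page describes, is simply a second list of hashes kept alongside the user's.

```php
<?php
// Added example: one-time recovery codes in plain PHP. Not the package's own code;
// the code format, count and hashing choice are assumptions for illustration.
declare(strict_types=1);

/** Codes are shown once as xxxx-xxxx-xxxx-xxxx; compare on the normalised form. */
function normalizeRecoveryCode(string $code): string
{
    return strtolower(preg_replace('/[^0-9a-zA-Z]/', '', $code));
}

/**
 * Generate $count codes with 64 bits of entropy each. Returns [plaintexts, hashes]:
 * the plaintexts are displayed to the user exactly once; only the hashes are stored.
 */
function generateRecoveryCodes(int $count = 8): array
{
    $plain = [];
    $hashes = [];
    for ($i = 0; $i < $count; $i++) {
        $code = implode('-', str_split(bin2hex(random_bytes(8)), 4));
        $plain[] = $code;
        // bcrypt, as for passwords: a leaked table is no easier to crack than the password column
        $hashes[] = password_hash(normalizeRecoveryCode($code), PASSWORD_BCRYPT);
    }
    return [$plain, $hashes];
}

/**
 * Try to consume a code. Returns the remaining hashes to persist (the matched one removed),
 * or null if nothing matched. Removing the hash is what makes the code single-use.
 */
function consumeRecoveryCode(array $storedHashes, string $submitted): ?array
{
    $needle = normalizeRecoveryCode($submitted);
    if (strlen($needle) !== 16) {
        return null;                        // wrong shape: do not burn bcrypt time on it
    }
    foreach ($storedHashes as $i => $hash) {
        if (password_verify($needle, $hash)) {
            unset($storedHashes[$i]);
            return array_values($storedHashes);
        }
    }
    return null;
}

// Demo (constructed): issue a set, spend one code, then try to spend it again.
[$show, $store] = generateRecoveryCodes(8);                     // $show to the screen, $store to the DB
$remaining = consumeRecoveryCode($store, strtoupper($show[2])); // typed in upper case: accepted, 7 left
$reused    = consumeRecoveryCode($remaining, $show[2]);         // null: one-time use
printf("%d codes left, reuse %s\n", count($remaining), $reused === null ? 'rejected' : 'accepted');
```

With 64 bits of random entropy a plain SHA-256 lookup would also be defensible and faster; bcrypt is used here so the recovery table is never the weakest column if the database leaks. Either way, attempts against recovery codes should sit behind the same throttling as password entry.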
Password strength is estimated with the zxcvbn algorithm plus common-pattern matches, and reported as a percentage.
Password "Must Include" rules:
Minimum length, letters, mixed case, a number and a symbol.
Quick Register: the idea is that the user does not hesitate, so the form can be as simple as a single email field.
The user receives a password, and the next time they attempt to log in they are asked to complete their profile.
Request on Demand
You can require all users to change their password or update their profile.
You may restrict some areas or functions in two ways:
Asking for confirmation, as bank portals do; this can be via SMS, Voice or TOTP.
After a configurable number of minutes the user has to confirm again.
Asking for an email address or phone number to be verified; this can be via Email, SMS or Voice.
Once verified, it is confirmed permanently.
3 stages: Limited, Banned and Blacklisted (or Inactive).
Blacklisted users are blocked from logging in.
Limited and Banned users may have other restrictions.
New users cannot register with an email or phone number previously used by a blacklisted user.
Full control of multiple emails and phone numbers per user.
Rules to avoid duplicates within a user's own entries and across other users.
Column name mapping, so you can use your existing migrations.
Reset or Change Password
You can choose between the Laravel default email, or SMS, Voice and TOTP.
The app rejects reuse of the old password.
Multi-language support is built in.
It ships in English and Spanish and can be easily translated into other languages.
reCAPTCHA v2 for registration forms and other commonly abused areas.
You can take action after a form is submitted based on the score returned by reCAPTCHA v3.
Take further action after reviewing Google's report of risky areas.
Three independent throttling configurations to block a user after too many attempts:
They apply to: entering a password, sending a notification, and user registration.
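The point of three independent configurations is that the three abuse cases have different costs and different natural keys: wrong passwords are counted per username and client address, notification sends (SMS and voice cost money) per phone number or email, registrations per client address. Here is an added example in plain PHP of a throttle with one fixed-window counter per action, not the package's own code; the limits, decay times and key choices are assumptions for illustration, and the in-memory store stands in for the cache a real deployment would use.

```php
<?php
// Added example: three independent throttles in plain PHP. Not the package's own code;
// the limits, decay times and key choices below are assumptions for illustration.
declare(strict_types=1);

final class Throttle
{
    /** @var array<string, array{max:int, decay:int}> one configuration per guarded action */
    private array $limits = [
        'password'     => ['max' => 5,  'decay' => 300],   // wrong passwords per username|IP
        'notification' => ['max' => 3,  'decay' => 600],   // SMS/voice/email sends per phone or email
        'register'     => ['max' => 10, 'decay' => 3600],  // registrations per client IP
    ];

    /** @var array<string, array{count:int, reset:int}> in-memory store; use the cache (e.g. Redis) in production */
    private array $store = [];

    public function tooManyAttempts(string $action, string $key, int $now): bool
    {
        $entry = $this->entry($action, $key, $now);
        return $entry['count'] >= $this->limits[$action]['max'];
    }

    /** Record one attempt and return how many remain before the block starts. */
    public function hit(string $action, string $key, int $now): int
    {
        $entry = $this->entry($action, $key, $now);
        $entry['count']++;
        $this->store[$this->bucket($action, $key)] = $entry;
        return max(0, $this->limits[$action]['max'] - $entry['count']);
    }

    /** Seconds until the window resets; 0 if not currently blocked. */
    public function retryAfter(string $action, string $key, int $now): int
    {
        return $this->tooManyAttempts($action, $key, $now)
            ? max(0, $this->entry($action, $key, $now)['reset'] - $now)
            : 0;
    }

    /** Forget the counter, e.g. after a correct password. */
    public function clear(string $action, string $key): void
    {
        unset($this->store[$this->bucket($action, $key)]);
    }

    private function bucket(string $action, string $key): string
    {
        if (!isset($this->limits[$action])) {
            throw new InvalidArgumentException("unknown throttle action: $action");
        }
        return $action . ':' . $key;        // separate namespace per action: counters never interfere
    }

    /** Fixed window: a fresh entry once the previous window has expired. */
    private function entry(string $action, string $key, int $now): array
    {
        $entry = $this->store[$this->bucket($action, $key)] ?? null;
        if ($entry === null || $entry['reset'] <= $now) {
            $entry = ['count' => 0, 'reset' => $now + $this->limits[$action]['decay']];
        }
        return $entry;
    }
}

// Demo (constructed): five wrong passwords block the password step, but not notifications.
$t = new Throttle();
$now = 1700000000;
for ($i = 0; $i < 5; $i++) {
    $t->hit('password', 'alice|203.0.113.7', $now);           // called on each failed password
}
var_dump($t->tooManyAttempts('password', 'alice|203.0.113.7', $now));        // bool(true)
var_dump($t->retryAfter('password', 'alice|203.0.113.7', $now + 100));       // int(200)
var_dump($t->tooManyAttempts('notification', '+15550100', $now));            // bool(false): independent
var_dump($t->tooManyAttempts('password', 'alice|203.0.113.7', $now + 300));  // bool(false): window expired
```

Check `tooManyAttempts` before doing the expensive or abusable work (the password hash comparison, the SMS send, the account insert) and call `hit` only on the outcome you want to count, such as a failed password rather than every submission; otherwise a legitimate user who logs in often can lock themselves out.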
All passwords, codes and tokens are stored hashed or encrypted.
A regular license allows an item to be used in one project for either personal or commercial use by you or on behalf of a client. The item cannot be offered for resale either on its own or as part of a project. Distribution of source files is not permitted.
An extended license allows an item to be used in unlimited projects for either personal or commercial use. The item cannot be offered for resale "as-is". It is allowed to distribute/sublicense the source files as part of a larger project.