WebHook

Webhooks are a simple way to glue disparate web services together using standing HTTP protocols in an easy to build for way.

I’d just like to introduce a very simple plugin that will add simple webhook functionality to your known site, allowing the administrator and individual site users to configure a URL that will be pinged whenever a user notification is sent (for example by a comment being received).

I use this to do some back end data analysis stuff on a couple of servers, so hopefully this will be useful to you!

» Visit the project on Github...

Two factor authentication (also known as 2FA), is a mechanism to provide extra security to website accounts by requiring a special one time use code, in addition to a user name and password.

This code is typically generated by a hardware dongle or your phone, meaning that you must not only know the password, but also physically have the code generator.

I thought it would be cool if Known had this capability, and so I wrote a plugin to implement it!

How it works

Once the plugin is installed and activated by the admin user, each user will be able to enable two step authentication through a menu on their settings page.

Enabling two factor will generate a special code, which can be used to generate time limited access tokens using a program such as the Google Authenticator. To make setup easier, the plugin generates a special QR code which can be scanned by the reader.

From then on, when you log in, you will get an extra screen which will prompt you for a code.

Enter the code produced by your authenticator and you will be given access!

» Visit the project on Github...

password_strength

This is just a quick post to nudge you towards a little plugin I wrote for Known which enforces a minimum password strength for user passwords.

The plugin works by calculating the entropy of the password based on NIST recommendations, and rejecting passwords where the entropy is too low.

By default, the minimum entropy is 44, however this can be changed through a configuration setting.

For this plugin to work, until my pull request is merged into the core code, you’ll need to apply patches available from my password validation branch.

Anyway, give it a kick about!

» Visit the project on Github...

Image “Password Strength” by XKCD