Rewritten with core Joomla MVC. This version is written with core Joomla MVC, without any additional backend or frontend framework. It is compatible with Joomla 3.9 or later, including Joomla 4 (tested with 4.0.0-RC4).
Do not ask for TSV if the only active method is backup codes. It's possible that the only Two Step Verification method for a user account gets its plugin disabled by the site's administrator. In this case the only remaining Two Step Verification method is the backup codes which have not been removed as the user never disabled Two Step Verification on their account. This could cause a confusing login experience. Now we detect this situation and correctly treat it as Two Step Verification being disabled for this user.
Joomla changed the location of the cacert.pem file. Joomla 4 has remove the cacert.pem file from its usually location and loads it using Composer. While this is much better for keeping the file up-to-date, it also broke authentication with PushBullet and YubiKey. This release addresses this change.
Added support for Joomla Privacy Suite in Joomla 4. Joomla's Privacy Suite (com_privacy) uses a captive login approach using the same code found in earlier versions of Akeeba LoginGuard and DataCompliance. However, when both Privacy Suite and LoginGuard try to implement a captive login we end up in a redirection loop. We had already addressed that for Joomla 3 but not Joomla 4, since the Privacy Suite wasn't ported to Joomla 4 until very recently. This release extends our technique of suppressing Privacy Suite's captive login until after we have completed Two Step Verification to Joomla 4; it required a complete rewrite of the code due to the major differences in how Joomla 3 and 4 work under the hood.
Bug fixes and minor improvements. Please take a look at the CHANGELOG below.
Please consult our Compatibility page. It explains our version support policy and lists which versions of our software are compatible with which versions of Joomla and PHP.