At OnlineCommunityHub, we’re always looking for ways to improve both the functionality and security of our Joomla extensions. To better protect your subscription-based downloads, we are introducing a new layer of security: Two-Factor Authentication (2FA) for the use of your Download ID.
This new feature will help ensure that only authorized devices are able to download and install our extension updates via the Joomla update server.
What Is Changing?
Previously, using your Download ID on any Joomla installation allowed automatic access to download updates without extra authentication. However, starting today, when you use your Download ID on a new server for the first time, a verification step will be required to authorize that server. This added step is designed to safeguard your Download ID from unauthorized use.
How Two-Factor Authentication Works:
-
First-Time Use on a New Server
When your Joomla installation attempts to use the Download ID on a new server, the Joomla update manager will display a 401 Unauthorized error. This error indicates that the server is not yet approved to access your downloads. -
Email Notification
Right after this unauthorized attempt, you will receive an email with key details:- The IP address of the server trying to access the Download ID.
- The location (city/region) of the server.
- A link to approve the device for future downloads.
-
Approving the Device
To approve the new server or device, click the link provided in the email. Once the device is approved, it will be able to download and install future updates via the Joomla update server.
Note: There is no option to deny access explicitly—if you don’t take action, the device will remain unauthorized and unable to download any updates.
Past IP Addresses Have Been Automatically Approved
To ensure a smooth transition, any IP addresses that have been used to download updates over the past few months have already been automatically approved. This means that your current Joomla installations should continue to receive updates without any disruptions, unless you are setting up new servers or devices.
Manage Your Approved Devices
You can manage and review the devices that are authorized to use your Download ID by logging into your account on our website. Under My Account > My Devices (2FA), you’ll be able to see a list of approved servers and remove any that you no longer want to have access.
Why Are We Making This Change?
With this update, we are adding an additional layer of security to your downloads. Here are the key benefits:
- Enhanced Protection: By ensuring that only verified devices can use your Download ID, we significantly reduce the risk of unauthorized downloads.
- Full Control: You can monitor and manage which devices are authorized to use your Download ID, giving you full transparency and control over your extension updates.
What You Need to Do:
No action is required for devices that have already been automatically approved. However, if you use your Download ID on a new server, you’ll need to follow the instructions in the email you receive to approve the new device.
Need Help?
If you have any questions or run into any issues with this new two-factor authentication feature, feel free to reach out to our support team. We’re always here to assist you!