"Login with TREZOR" is a Joomla plugin that provides secure user authentication via a password-less login using the TREZOR device, and enables you to login securely with a click of a button.
The TREZOR device holds securely secret keys and uses them to sign messages without actually ever exposing these secrets. Thus when using "Login with TREZOR", no user password is needed and no reusable secret can be ever captured by keylogger or other malware.
What is TREZOR
TREZOR is known as the most secure bitcoin hardware wallet. It allows you to make secure Bitcoin transactions even when initiated on a compromised or vulnerable computer.
How it works
After you install and configure the "Login with TREZOR" plugins in your website, the following button will be displayed:
When user clicks on the button, the following dialog window will popup:
At this point, the user must connect his/her TREZOR device. When connected, the TREZOR device will display the following confirmation screen:
After the user confirms the action, the device will return a structure with signed login information. If a paired account is found in the database, the user will be automatically logged in.
Login with TREZOR consists of 2 extensions:
- Login with TREZOR - system plugin
- Login with TREZOR - user plugin
Both extensions must be installed and enabled.
To install Login with TREZOR:
- Login to Joomla administrator control panel.
- Navigate to Extensions > Manage > Install.
- Install the package pkg_trezorlogin.zip. This will automatically install all required plugins.
- Alternatively, you can install the system and user plugins separately.
- Navigate to Extensions > Plugins and enable the plugins:
- System - Login with TREZOR
- User - Login with TREZOR
The system plugin is responsible for displaying the login button as well as authenticating the user.
Back-end Login: Enables "Login with TREZOR" in administrator login form.
Front-end Login: Enter the following shortcode anywhere in your website (article text, custom html module, php file) to display the TREZOR login button.
Site Logo: The site logo will be displayed in the TREZOR popup window. Recommended size: 48x48px.
Login Redirection Page: Select the page the user will be redirected to after a successfull front-end login.
Hide Footer: The footer displays a link back to the trezor.io website.
The user plugin is responsible for pairing a user account with a TREZOR device.
Enable in Registration Form: Enables account pairing in user registration form.
Enable in Profile Edit Form: Enables account pairing in user profile edit form.
Before a user can login with his/her TREZOR device, he/she must first pair it with an existing user account. After the pairing, the user doesn’t have to expose his/her orginal credentials each time he/she authenticates.
The standard output of the login button can be overridden by adding code to the html directory of your template.
To override the output of the Login with TREZOR - System plugin:
Create a folder named
Copy the original layout file
to the new override folder
Now you can edit the layout file to override the plugin output.