Secure Your Users with Strong Passwords and 2FA

Passwords protect user accounts on your forum. Many browsers have password helpers that create strong passwords that nobody can guess easily. You should tell users to try these tools. XenForo keeps passwords safe using special math that scrambles them. Nobody can see the real password after it happens - not even you! When users forget passwords, they must use the lost password link instead of asking you to tell them what it was. The system watches for people trying the wrong passwords. After four wrong tries, XenForo takes action. You can make users type a special code or lock their account for fifteen minutes. You control this through the Setup area under User options.

Your forum can ask for extra proof when users log in. This extra step makes accounts much safer. Users might need to type a code from their phone app or click a link sent to their email address. The system calls this two-factor authentication or 2FA. People who run your forum should always use 2FA. You can force moderators and administrators to use it by changing settings in the Groups & Permissions area. Sometimes, you might worry someone broke into a user account. You can add a security lock to protect it. You first log into the Admin control panel and find the user. Then you pick a security type when you edit their account. One type makes users change their password the next time they log in. The other type sends an email message with reset instructions.