diff --git a/index.html b/index.html
index 9503907..c3d445c 100644
--- a/index.html
+++ b/index.html
@@ -134,12 +134,12 @@
Open an authenticator app and create an entry with the same secret. In Glowing Bear check the checkbox for "use Time-based One-Time Password" and fill in the one time password as you see it in the authenticator app.
-Required for Weechat < 2.9
+Required for Weechat <= 2.8
Since weechat version 2.9 the authentication was made more secure and resistant to brute forcing. Glowing bear uses the most secure authentication method by default. However to supports older version of weechat this options allows glowing bear to still send your password in plaintext (wrapped in https if enabled). Only enable this if you are using Weechat < 2.9
By default weechat 2.9 support all authentication methods, if you are only using glowing bear you can do the following command to improve security:
/set relay.network.password_hash_algo "pbkdf2+sha512"
diff --git a/js/connection.js b/js/connection.js
index 84292f1..bef2018 100644
--- a/js/connection.js
+++ b/js/connection.js
@@ -99,7 +99,7 @@ weechat.factory('connection',
 // This is not secure, this has to be specifically allowed with a setting
 // Otherwise an attacker could persuade the client to send it's password
 // Or due to latency the client could think weechat was an older version
- if (!settings.allowPlaintextAuthentication)
+ if (!settings.compatibilityWeechat28)
 {
 $rootScope.oldWeechatError = true;
 $rootScope.$emit('relayDisconnect');
diff --git a/js/glowingbear.js b/js/glowingbear.js
index 1e8c177..fab7280 100644
--- a/js/glowingbear.js
+++ b/js/glowingbear.js
@@ -45,7 +45,7 @@ weechat.controller('WeechatCtrl', ['$rootScope', '$scope', '$store', '$timeout',
 'port': 9001,
 'path': 'weechat',
 'ssl': (window.location.protocol === "https:"),
- 'allowPlaintextAuthentication': true,
+ 'compatibilityWeechat28': true,
 'useTotp': false,
 'savepassword': false,
 'autoconnect': false,
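Review bot: In js/connection.js the renamed guard `if (!settings.compatibilityWeechat28)` no longer says what it permits. The three comment lines above it describe a plaintext password fallback, but the flag name now reads as a harmless compatibility switch. Since this check is the only visible barrier against a relay that presents itself as an old version, I would restate the meaning next to it, for example `// compatibilityWeechat28 === true means: allow sending the password in plaintext (WeeChat <= 2.8 relays only)`. The enclosing handler starts and ends outside the hunk, so whether other code paths still read the old key cannot be confirmed from here.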
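Review bot: In js/glowingbear.js the default `'compatibilityWeechat28': true,` leaves the plaintext fallback enabled out of the box, although the comment in js/connection.js says it "has to be specifically allowed with a setting". The rename also appears to drop any value a user stored under `allowPlaintextAuthentication`. If the settings store persists by key name (not visible in this hunk), someone who had turned that off would get the new default of true. I would default to `'compatibilityWeechat28': false,` and copy the old stored value across once before removing the old key. The defaults object starts and ends outside the hunk.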