Module Description
Two-factor authentication for Drupal sites. Drupal provides authentication via something you know (a username and password), while the TFA module adds a second authentication step that checks for something you have, such as a code sent to (or generated by) your mobile phone.
TFA is a base module for providing two-factor authentication for your Drupal site. As a base module, TFA handles the work of integrating with Drupal, providing flexible and well-tested interfaces to enable your choice of various two-factor authentication solutions like Time-based One-Time Passwords (TOTP), SMS-delivered codes, pre-generated codes, or integrations with third-party services like Authy, Duo and others.
Read the TFA module documentation or read more about the theory of two-factor authentication in my Drupal Watchdog article.
This module is useful for achieving compliance with PCI DSS requirement 8.3.1:
Incorporate multi-factor authentication for all non-console access into the CDE for personnel with administrative access.
Features
* Pluggable - Supports multiple methods of two-factor authentication and can work with any number of 3rd party systems
* Configurable - Supports fallback methods and context-specific exceptions
* Flood control - Limits repeated attempts and even secures one-time logins
* (Drupal 8+ only) REST services integration via services_tfa sub-module
The TFA module is recommended as a full-suite solution for two-factor authentication in Drupal. The following TOTP plugins work with FreeOTP, Google Authenticator, Authy, and any other app that works with TOTP tokens.
Drupal 8 recommended TOTP plugin
The module supports plugins from other modules, but provides its own plugins for:
* TOTP - Time-based One-Time Passwords - normally used by various Authenticator apps from Google, Microsoft, Authy, etc.
* HOTP - HMAC-based One-Time Passwords - supported by most of the same apps, but not as popular
Drupal 7 recommended TOTP plugin
See the 7.x-1.x versions of the TFA basic plugins.
Requirements
This module stores some sensitive data which it encrypts using the PHP OpenSSL extension. You will need to have the OpenSSL extension installed to use the module. Legacy installs of the module can take advantage of the Mcrypt extension.
TFA, Testing, and Development
It can be hard to test user authentication in automated tests with the TFA module enabled. Developers will also likely struggle to log in to development environments unless they disable TFA or reset the secrets for an account. One solution is to disable the module in the development and testing environments. To quickly disable the module, you can run these drush commands to set the relevant config:
* Disable TFA with drush config-set tfa.settings enabled 0
* Enable TFA with drush config-set tfa.settings enabled 1
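A deployment guard for the toggle above, as an added example that is not part of the TFA project: it checks an exported tfa.settings.yml so that a development value of enabled 0 does not reach production. The export directory layout (one `<config name>.yml` file per config object), the function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: fail a deploy when exported config leaves TFA switched off.
# Assumption: config is exported to one directory as <config name>.yml,
# so tfa.settings is found in tfa.settings.yml.

# Print the value of the top-level "enabled" key, or nothing if the file
# or the key is missing.
tfa_enabled_value() {
  file="$1/tfa.settings.yml"
  [ -f "$file" ] || return 0
  # Top-level keys start in column 0; nested "enabled:" keys are indented.
  sed -n 's/^enabled:[[:space:]]*//p' "$file" | head -n 1 | tr -d '\r' |
    sed -e 's/[[:space:]]*#.*$//' -e "s/[\"']//g" -e 's/[[:space:]]*$//'
}

# Return 0 only when the export explicitly enables TFA. A missing file,
# a missing key, or any other value fails closed.
tfa_export_ok() {
  case "$(tfa_enabled_value "$1")" in
    1|true|True|TRUE) return 0 ;;
    *) return 1 ;;
  esac
}

# Constructed sample exports standing in for real config directories.
sample_dir=$(mktemp -d)
mkdir "$sample_dir/prod" "$sample_dir/dev"
printf 'enabled: true\n' > "$sample_dir/prod/tfa.settings.yml"
printf 'enabled: 0  # left over from local testing\n' \
  > "$sample_dir/dev/tfa.settings.yml"

for d in prod dev; do
  if tfa_export_ok "$sample_dir/$d"; then
    echo "$d: TFA enabled"
  else
    echo "$d: TFA not enabled, block the deploy"
  fi
done
```

In a pipeline, call `tfa_export_ok` on the directory that will be imported into production and stop the job on a non-zero return.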
Module Link
Project Usage: 8885
Security Covered: Covered By Security Advisory
Version Available: Production
Module Summary
The TFA module aims to provide two-factor authentication for Drupal sites, incorporating multiple methods of authentication and supporting various third-party systems.
Data Name: tfa