Drupal modules for Two-Factor-Authentication

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
You are viewing a wiki page. You are welcome to join the group and then edit it. Be bold!

Two factor authentication is becoming more popular as more and more sites get hacked based on password alone.

  • Two Factor Auth - A framework to support a variety of methods as the second factor. The TFA Basic modules provides support for TOTP, recovery codes and SMS via Twilio. These modules are used on drupal.org to provide two factor authentication.
  • GA Login uses the Google Authenticator software and smartphone app
  • Duo Security integrates the Duo Security tool which includes app, sms, phone callback, and hardware tokens
  • Yubikey relies on a hardware device that you plug into your usb port
  • Multifactorauth - which requires you to enter a non-evolving pin over your phone to get access. Also has an aim of becoming a bit of a framework module for TFA over Voip.
  • One Time Password An opinionated, lightweight, zero-configuration module with 100% test coverage.

Modules without releases:

Comments

Any others worth

greggles's picture

Any others worth reviewing?

Anyone had experience with any of these they care to share?

Duo

mlhess's picture

I have used duo on about 6 projects. They can be a tad expensive but are great (depending on your budget).

Their push app is awesome, and for the old fashion people, they do still offer tokens.

Their admin interface tool (not Drupal) is very user friendly. They also offer 10 users for free.

6 Drupal projects, or with 6

greggles's picture

6 Drupal projects, or with 6 projects where you were authenticating to some other system?

The module code quality and method of integration feels pretty rough to me. I'm not aware of any specific problems, but did get a sense from my review of the code that they're doing things in a non-Drupal way. If you've had a positive experience with the Drupal integration that would be a great data point making me consider looking at it again.

Although we didn't contribute

christefano's picture

Although we didn't contribute a module for it, we built a multifactor login system using biometric facial recognition. Shortly after the launch, we gave a demo at a Boston Drupal meetup: https://blip.tv/episode/4479977

Two others

timwood's picture

I found another module and one sandbox project. The module, http://drupal.org/project/factortwo, has no released or dev version since being approved one year ago. I've submitted a ticket asking about a released version.

The sandbox uses a third party service http://drupal.org/sandbox/Emmanuel_N/1577980. Currently under a project review, since 5/15/2012: http://drupal.org/node/1579996

-Tim

Thanks Greg!

timwood's picture

Also, Thanks to Greg for starting this wiki/page/discussion!

New WiKID Drupal module

nowen's picture

Greetings:

We've released a drupal moduule for the WiKID Strong Authentication server: http://drupal.org/sandbox/greghaygood/1927960. Please take a look if you want to add two-factor auth to a Drupal site.

A couple of things about us. You run the server yourself. It's easy to setup and is very stable, so if you prefer to control the keys to the kingdom, you might like WiKID.
Also, we're relatively inexpensive:
http://www.wikidsystems.com/learn-more/financial.
You can download the server here:
http://www.wikidsystems.com/downloads. As well as PC tokens. We have mobile tokens in all the big app stores for your smart phones as well.

Enjoy!

2 Factor Auth in Feeds

I have released drulapp

nithinkolekar's picture

I have released drulapp https://www.drupal.org/sandbox/nithinkolekar/2856406 which doesn't depend on third party libraries/voip/sms service. I don't say it is unique , but simple enough for site with very small user base.

I created one_time_password

Sam152's picture

I created one_time_password with the intention of creating a narrowly scoped Drupal 8 TFA project.

miniOrange 2FA

KolhatkarRahul's picture

miniOrange has a 2FA module with tons of features and documentation.

Module Link - https://www.drupal.org/project/miniorange_2fa

It supports Drupal 7 as well as 8 and 9.