Two factor authentication is becoming more popular as more and more sites get hacked based on password alone.
- GA Login uses the Google Authenticator software and smartphone app
- Two Factor Auth - TFA currently uses sms messages or emails, but is intended to be a framework.
- Duo Security integrates the Duo Security tool which includes app, sms, phone callback, and hardware tokens
- Yubikey relies on a hardware device that you plug into your usb port
- Multifactorauth - which requires you to enter a non-evolving pin over your phone to get access. Also has an aim of becoming a bit of a framework module for TFA over Voip.
- FACTOR TWO works similarly to GA Login but doesn't rely on Google or smartphone app.
- InWebo Strong Authentication integrates the In-Webo tokenless "Strong Authentication" service.
Comments
Any others worth
Any others worth reviewing?
Anyone had experience with any of these they care to share?
certifiedtorock.com/u/36762/ | Druplicon debit card
Duo
I have used duo on about 6 projects. They can be a tad expensive but are great (depending on your budget).
Their push app is awesome, and for the old fashion people, they do still offer tokens.
Their admin interface tool (not Drupal) is very user friendly. They also offer 10 users for free.
6 Drupal projects, or with 6
6 Drupal projects, or with 6 projects where you were authenticating to some other system?
The module code quality and method of integration feels pretty rough to me. I'm not aware of any specific problems, but did get a sense from my review of the code that they're doing things in a non-Drupal way. If you've had a positive experience with the Drupal integration that would be a great data point making me consider looking at it again.
certifiedtorock.com/u/36762/ | Druplicon debit card
Although we didn't contribute
Although we didn't contribute a module for it, we built a multifactor login system using biometric facial recognition. Shortly after the launch, we gave a demo at a Boston Drupal meetup: https://blip.tv/episode/4479977
Founder, CEO
http://www.larks.la
Founder, Lead Burrito Analyst
http://droplabs.net
Organizer, Drupal Adventure Guide
http://drupal.la
Two others
I found another module and one sandbox project. The module, http://drupal.org/project/factortwo, has no released or dev version since being approved one year ago. I've submitted a ticket asking about a released version.
The sandbox uses a third party service http://drupal.org/sandbox/Emmanuel_N/1577980. Currently under a project review, since 5/15/2012: http://drupal.org/node/1579996
-Tim
Thanks Greg!
Also, Thanks to Greg for starting this wiki/page/discussion!
New WiKID Drupal module
Greetings:
We've released a drupal moduule for the WiKID Strong Authentication server: http://drupal.org/sandbox/greghaygood/1927960. Please take a look if you want to add two-factor auth to a Drupal site.
A couple of things about us. You run the server yourself. It's easy to setup and is very stable, so if you prefer to control the keys to the kingdom, you might like WiKID.
Also, we're relatively inexpensive:
http://www.wikidsystems.com/learn-more/financial.
You can download the server here:
http://www.wikidsystems.com/downloads. As well as PC tokens. We have mobile tokens in all the big app stores for your smart phones as well.
Enjoy!