Two-factor authentication, also known as TFA or two-step verification, is an extra layer of security, a form of "multi-factor authentication", that requires not only a username and password but also something that only that user has on them, i.e. a piece of information only they should know or have immediately to hand, such as a physical token.
Integration Of TFA With Drupal
There are modules in Drupal which help us achieve the requirement.
Modules Required
The following modules are required for two-factor authentication. The TFA module offers Mcrypt AES as its default encryption method, but Real AES is recommended, because Mcrypt relies on PHP 5 and Drupal's currently recommended PHP version is PHP 7.
- Two-factor Authentication (TFA)
- Real AES
- TFA has a dependency on Encrypt and Key
- Real AES has a dependency on Encrypt, Key and Defuse PHP
- GA Login has a dependency on christian-riesen/otp
Defuse PHP can be downloaded with the composer command: composer require defuse/php-encryption
Module Installation And Configuration
Manually download the module from drupal.org, or use the composer command: composer require drupal/real_aes.
- As Real AES has a dependency on Defuse PHP, that library can be downloaded using the composer command: composer require defuse/php-encryption.
- Once this is done, enable the module from the admin/modules page after logging in with admin credentials.
Encryption profiles are added in order to configure TFA. The Real AES module needs to be enabled before adding the profiles.
Go to admin/config/system/encryption/profiles/add to create a new Encryption Profile. Before this, one encryption key needs to be generated from admin/config/system/keys/add. This key needs to be configured in the encryption profile.
Below is the image of the encryption profile.
The key which was created has been selected in the drop-down of the Encryption key.
In order to set up two-factor authentication, a validation plugin is needed. The GA Login module is a good option. It supports the Time-based One-time Password Algorithm for integration with user login, and it works with Google's Authenticator app system.
- As the GA Login module has a dependency on christian-riesen/otp, install it using composer require christian-riesen/otp
Once GA Login has been enabled, select the desired validation plugin(s) and the encryption profile created earlier, and adjust other settings as desired. Select the roles required to set up TFA.
Visit the account's Security tab, user/[uid]/security/tfa, and configure the selected validation plugin as desired.
- The user's configuration has to be done and the application has to be set up in order to complete the login using two-factor authentication.
- Google Authenticator can be installed on a mobile device and the barcode scanned from the application; the codes are then generated, and the generated code is entered in the verification box.
- Once the verification of the user is done, the TFA setup is complete.
- When we then log in with that user profile, we get the TFA login step as well, which shows that the TFA setup has been achieved.
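The codes that Google Authenticator generates and the verification box checks follow the Time-based One-time Password algorithm mentioned above. As an added example (written in Python, not code from the TFA or GA Login modules), the following shows how a server can derive and check such a code; the sample secret, the function names and the `window` and `last_used` parameters are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the published RFC 6238 test key "12345678901234567890",
# base32-encoded the way an authenticator app receives it from the barcode.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret_b32, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    secret = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238: the counter is the number of whole time steps since epoch."""
    return hotp(secret_b32, int(at) // step, digits)


def verify(secret_b32, submitted, at, last_used=-1, window=1, step=30):
    """Return the time step whose code matched, or None.

    window tolerates clock drift between phone and server; last_used is the
    step of the last accepted code, so a captured code cannot be replayed.
    Both are illustrative parameters, not GA Login settings.
    """
    current = int(at) // step
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        expected = hotp(secret_b32, counter).encode()
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted.encode()):
            if counter > last_used:
                matched = counter
    return matched


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, at=59)
    print("code at t=59:", code)
    print("fresh login:", verify(SAMPLE_SECRET, code, at=59))
    print("replayed:", verify(SAMPLE_SECRET, code, at=59, last_used=1))
    print("expired:", verify(SAMPLE_SECRET, code, at=149))
```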
These days many security issues relate to applications that rely on single authentication, and a basic way to overcome this is to use two-factor authentication. By following the steps above, we can integrate Google TFA with a Drupal application.