Two Factor Authentication Using Google Authenticator

Two Factor Authentication, also known as TFA, two-step verification or TFA (as an acronym), is an extra layer of security that is known as “multi-factor authentication” that requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they should know or have immediately to hand — such as a physical token.

Integration Of TFA With Drupal

There are modules in Drupal which help us achieve the requirement.

  1. Modules Required
  2. Dependencies

Modules Required

The following are the modules that are required for Two Factor Authentication. The TFA module gives Mcrypt AES as the default encryption method. But  Real AES is recommended as Mcrypt uses php5 version and current drupal’s recommended PHP version is php7.

  • Two-factor Authentication (TFA)

  • Real Aes


  • TFA has a dependency on Encrypt and Key
  • Real AES has the dependency on Encrypt, key and Defuse Php
  • GA Login has a dependency on christianriesen/otp

The Defuse PHP can be downloaded by using composer command:  composer require defuse/php-encryption

Module Installation And Configuration

  • Manually download the module from, or use the composer command: composer require drupal/real_aes.

  • As Real AES has a dependency on Defuse PHP it can be downloaded using composer command: composer require defuse/php-encryption.
  • Once this is done the module is enabled from the admin/modules page after logging in using admin credentials.
  • The encryption profiles are added to configure TFA. Real AES module needs to be enabled before adding the profiles.

  • Go to admin/config/system/encryption/profiles/add to create a new Encryption Profile. Before this, one encryption key needs to be generated from admin/config/system/keys/add. This key needs to be configured in the encryption profile.

The above is the image of the profile key. The key value can be generated using a random key generator.

Below is the image of the encryption profile.

The key which was created has been selected in the drop-down of the Encryption key.

  • In order to set up Two Factor Authentication, there is a need for validation plugins. GA LOGIN module is a good option. It supports Time-based One-time Password Algorithm to be integrated with user login and it works with Google’s Authenticator app system.

  • As GA LOGIN module has a dependency on  christian-riesen/otp , it is installed using composer require christian-riesen/otp
  • Once GA LOGIN has been enabled, Select the desired Validation Plugin(s) and Encryption Profile created and Adjust other settings as desired. Select the roles required to set up TFA.

  • Visit the account’s Security tab: user/[uid]/security/tfa and Configure the selected Validation  Plugin as desired

  • The Configuration of the user has to done and the application has to be set  in order to complete the login using two-factor authentication

  • Google Authenticator can be installed in mobile and the barcode is scanned from the application, the codes are generated and that code is entered in the verification box.
  • Once the verification of the user is done, the TFA set up would be complete.

  • Once we log in using the user profile we get TFA login as well, with which TFA set up has been achieved


These days there are many security issues which are pertaining to applications having single authentication and a basic way to overcome this is by using Two Factor Authentication. Following the above steps, we can achieve integration of Google TFA with Drupal application.

About The Author