{"id":16362991,"url":"https://github.com/dpi/tfa","last_synced_at":"2026-01-27T07:30:17.445Z","repository":{"id":136996522,"uuid":"181450242","full_name":"dpi/tfa","owner":"dpi","description":"Fork of https://drupal.org/project/tfa","archived":false,"fork":false,"pushed_at":"2022-11-03T04:15:16.000Z","size":630,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"2.x","last_synced_at":"2025-02-18T03:02:26.002Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://drupal.org/project/tfa","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dpi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-04-15T09:01:30.000Z","updated_at":"2022-11-03T04:12:05.000Z","dependencies_parsed_at":null,"dependency_job_id":"c294f297-faf3-4093-a0cd-9e9ec700e034","html_url":"https://github.com/dpi/tfa","commit_stats":null,"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dpi%2Ftfa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dpi%2Ftfa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dpi%2Ftfa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dpi%2Ftfa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dpi","download_url":"https://codeload.github.com/dpi/tfa/tar.gz/refs/heads/2.x","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239771671,"owners_count":19694316,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-11T02:26:07.618Z","updated_at":"2026-01-27T07:30:17.362Z","avatar_url":"https://github.com/dpi.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Two-factor Authentication (TFA) module for Drupal\n\nTFA is a base module for providing two-factor authentication for your Drupal\nsite. As a base module, TFA handles the Drupal integration work,\nproviding flexible and well tested interfaces to enable seamless, and\nconfigurable, choice of various two-factor authentication solutions like\nTime-based One Time Passwords, SMS-delivered codes, recovery codes, or\nintegrations with third-party suppliers like Authy, Duo and others.\n\nRead more about the features and use of TFA at its Drupal.org project page at\nhttps://drupal.org/project/tfa\n\n### Installation and use\n\nTFA module can be installed like other Drupal modules by placing this directory\nin the Drupal file system (for example, under modules/) and enabling on\nthe Drupal modules page.\n\n### Configuration\n\nTFA can be configured on your Drupal site at Administration - Configuration -\nPeople - Two-factor Authentication. Available plugins will be listed along with\ntheir type and configured use, if set.\n\nAdditionally, a permission is exposed to Drupal roles allowing them to skip the\nTFA process -- regardless of plugins and the \"require TFA\" setting.\n\n#### Default validation plugin\n\nThe plugin that will be used by default during user authentication. The plugin\nmust be ready for use by the authenticating account. If \"Require TFA\" is marked\nthen an account that has not setup TFA with the validation plugin will be unable\nto log in.\n\n### Plugin development\n\nTFA plugins provide the form and validation handling for 2nd factor\nauthentication of a user. The TFA module will interrupt a successful username\nand password authentication and begin the TFA process (see Configuration for\nexceptions to this statement), passing off the form control and validation to\nthe active plugin.\n\n#### Getting started\n\nThis module requires a few dependencies to be setup before it can be configured.\n\n##### Encryption Method - [Real AES](https://www.drupal.org/project/real_aes)\n\nAn encryption method module is required to be able to use the Key and Encrypt\nmodules. Real AES is not the only method available, another is [Sodium](https://www.drupal.org/project/sodium).\n\n* Install an encryption method module according to their instructions.\n\n##### [Key](https://www.drupal.org/project/key)\n\nThe key module provides Drupal access to an encryption key you create. Setting\nup the key module:\n\n* Install the Key module.\n* Generate a new key on the command line in OSX:\n    `dd if=/dev/urandom bs=32 count=1 | base64 -i - \u003e path/to/my/encrypt.key`\n* Visit the Keys module's configuration page and \"Add Key\"\n    * Name your Key\n    * Key type: \"Encryption\"\n    * Provider: \"File\"\n    * File location: `path/to/my/encrypt.key` as generated above.\n    * Save\n\n##### [Encrypt](https://www.drupal.org/project/encrypt)\n\nThe encrypt module allows the site owner to define encryption profiles that\ncan be reused throughout Drupal. The TFA module requires an encryption profile\nto be defined to be configured properly.\n\n* Install the Encrypt module\n* Visit the Encrypt module's configuration page and \"Add Encryption Profile\"\n    * Label your Encryption Profile\n    * Encryption method: \"Authenticated AES (Real AES)\" - or the encryption\n      method of your choice.\n    * Encryption Key: Select the Key you created in the previous step.\n    * Save\n\n##### TFA Configuration\n\nNow you should be ready to configure the TFA module.\n\n* Install the TFA module\n* (Optional) Install a module providing an extra TFA plugin\n* Visit the TFA module's configuration page.\n    * Enable TFA\n    * Select your desired Validation Plugin(s).\n    * Encryption Profile: Select the Encryption Profile you created in the\n      previous step.\n    * Adjust other settings as desired.\n    * Save\n* Grant \"Set up TFA for account\" to \"Authenticated user\"\n    * Consider granting \"Require TFA process\" for some roles\n* Visit your account's TFA tab: `user/[uid]/security/tfa`\n    * Configure the selected Validation Plugins as desired for your account.\n\n##### TFA apps\nUsers will need an application for their phone, tablet or computer that is\ncapable of generating authentication codes.  As of the date of this ReadMe,\nsome of the more popular options include:\n  * Google Authenticator (Android, iOS)\n  * Microsoft Authenticator (Android, iOS)\n  * Authy (Android, iOS, Windows, macOS, Linux)\n  * FreeOTP (Android, iOS)\n  * WinAuth (Windows)\n  * GAuth Authenticator (Chrome browser extension and Chrome OS)\n\n##### TFA, Testing, and Development\n\nIt can be hard to test user authentication in automated tests with the TFA\nmodule enabled. Development environments also will likely struggle to login\nunless they disable TFA or reset the secrets for an account. One solution is\nto disable the module in the development and testing environment. To quickly\ndisable the module you can run these drush commands to set some config:\n\n* Disable TFA with `drush config-set tfa.settings enabled 0`\n* Enable TFA with `drush config-set tfa.settings enabled 1`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdpi%2Ftfa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdpi%2Ftfa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdpi%2Ftfa/lists"}