In today's digital landscape, ensuring the security of your website is paramount. With the rise in cyber threats, simply relying on a username and password for authentication is no longer sufficient. That's where Two-Factor Authentication (TFA) comes into play. By adding an extra layer of security, TFA significantly enhances the protection of your Drupal website by requiring users to provide two forms of identification before granting access. In this article, we'll walk you through the process of setting up TFA on your Drupal website, step by step.
Before you start
Before you enable TFA on your user account, you will need an app to generate a verification code on the device of your choice. We recommend using your smart phone (iOS or Android), as it will be the device you'll have with you most of the time. Then you'll be able to log in to your website from wherever you are in the future. You can also use the TFA app that's installed on your every-day computer (Mac or Windows). You should choose the solution that works for you.
There are many apps that generate a verification code, and you might have one installed on your device already. We can highly recommend using the built-in Passwords app on any Apple device (go to Settings > Passwords). Otherwise, here are some third-party TFA apps you can install:
Once you've got the app of your choice ready, let's get started!
Enable TFA on your user account
When Two-Factor Authentication (TFA) has been activated on your website, you can enable it on your user account.
- Log in to your website. You'll then be on your user profile page. If not, click the My Account link.
- Click the Two-Factor Authentication (TFA) option.
- From the TFA page, click the set up application link. You will be prompted to enter your current password before going to the next page.
- The TFA setup page lists the apps you can install (skip these links because you've already done it). Take note of thetext code (also known as a set-up key) and the QR code on this page.
- Open the TFA app on your device and add/create a new code.
- Using your device, scan the QR code or enter the text code (set-up key). The TFA app will now be showing a six-digit verification code.
- Enter the six-digit verification code in the application verification code field on the TFA setup page (seen at step 4). Click the verify and save button.
Your user account is now secured with Two-Factor Authentication. Good job!
How to use TFA when logging in
Now that TFA is enabled on your user account, you will be asked to enter the verification code when you log into your website.
- Log in to your website. After entering your user name or email address and your password, you will be prompted to enter the verification code.
- Open the TFA app on your device and choose your website (you may have codes for other websites, so choose the right one).
- Enter the six-digit verification code. Click the verify button.
You have now logged into your website!
It's worth mentioning that using the recommended Passwords app on Apple devices, and when using Safari to browse the internet, your passwords and verification code will be filled in automatically, which makes logging in quick and easy.
Resetting your TFA access
If you can no longer access the TFA app on your device (e.g. you've lost your smart phone), you will need to ask a person who has Super User access to reset TFA for your user account on the Drupal website. Once that has been done, follow the instructions on this page to enable TFA again.
How to reset two-factor authentication
Increasing security of your website
By following these steps, you can successfully enhance the security of your Drupal website with Two-Factor Authentication (TFA). By implementing this additional layer of protection, you can significantly reduce the risk of unauthorised access and safeguard sensitive information stored on your website.