Drupal 2FA

Overview

Two-Factor Authentication (2FA) is a critical security layer for Drupal websites, helping prevent unauthorized access and identity theft.

This handbook will guide you through setting up 2FA on your Drupal site using the miniOrange Two-Factor Authentication (2FA / MFA) module. It also covers all the key features and configuration options available in the module.

What is Two-Factor Authentication?

Two-Factor Authentication (2FA) adds an extra layer of security by requiring users to verify their identity using an additional method beyond the standard username/email and password.

This significantly reduces the risk of:

  • Brute force attacks
  • Phishing attacks
  • Unauthorized account access

How the Module Works

The miniOrange Two-Factor Authentication (2FA / MFA) module enhances Drupal’s default login system by introducing a second authentication step after the primary login.

Login via Web Interface

Step 1:
The user enters their username/email and password.

Step 2:
After validating the credentials, Drupal checks the 2FA configuration for the user:

  • If 2FA is enabled → the user is redirected to the 2FA challenge
  • If 2FA is not enabled → access is granted directly

Step 3:
A second-factor authentication is triggered (OTP / Authenticator / Push), and the user completes the verification.

Step 4:
Once the verification is successful, the session is finalized and access is granted.
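
The four steps above, sketched as an added Python example (not the miniOrange module's code or Drupal's API): a login stays in a pending state until a TOTP code (RFC 6238) verifies. The accounts, function names, session dictionary and the three-attempt cap are assumptions made for illustration.

```python
import hashlib, hmac, struct

# Illustration only: names, accounts and limits are assumptions, not module settings.
STEP, DIGITS, MAX_TRIES = 30, 6, 3

def totp(secret: bytes, at: int) -> str:
    """RFC 6238 code (HMAC-SHA1) for Unix time `at`."""
    mac = hmac.new(secret, struct.pack(">Q", at // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** DIGITS).zfill(DIGITS)

def pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)

# Constructed sample accounts: alice has TOTP enrolled, bob has no 2FA.
USERS = {
    "alice": {"pw": pw_hash("correct horse"), "secret": b"12345678901234567890"},
    "bob": {"pw": pw_hash("battery staple"), "secret": None},
}

def step1_password(name: str, password: str):
    """Steps 1-2: validate credentials, then decide whether a challenge is needed."""
    user = USERS.get(name)
    if user is None or not hmac.compare_digest(user["pw"], pw_hash(password)):
        return None
    state = "pending_2fa" if user["secret"] else "authenticated"
    return {"user": name, "state": state, "tries": 0}

def step2_second_factor(session: dict, code: str, at: int) -> bool:
    """Steps 3-4: verify the code; only then is the session finalized."""
    if session["state"] != "pending_2fa":
        return False
    session["tries"] += 1
    if session["tries"] > MAX_TRIES:          # cap guesses per pending login
        session["state"] = "locked"
        return False
    secret = USERS[session["user"]]["secret"]
    ok = False
    for drift in (-1, 0, 1):                  # tolerate one step of clock skew
        t = max(at + drift * STEP, 0)
        ok |= hmac.compare_digest(totp(secret, t).encode(), code.encode())
    if ok:
        session["state"] = "authenticated"
    return ok
```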

Supported 2FA methods

1. OTP-based 2FA methods

  • OTP over Email
  • OTP over SMS
  • OTP over SMS and Email
  • OTP over Phone (Voice Call OTP)

2. TOTP-based 2FA methods

  • Google Authenticator
  • Duo Authenticator
  • Microsoft Authenticator
  • Okta Verify
  • miniOrange Authenticator
  • Authy Authenticator
  • LastPass Authenticator
  • 2FAS Authenticator

3. Other 2FA methods

  • Email Verification
  • Security Questions (KBA)
  • Push Notification
  • QR Code Authentication

4. FIDO-based Methods

  • WebAuthn (Passkeys / Biometrics)
  • Hardware Token (e.g., YubiKey)

Is there a 2FA method missing from the list for your use case? Feel free to contact us at info@xecurify.com. We will be happy to assist you.