Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.TFA 1.x Documentation (deprecated)
Drupal 7 will no longer be supported after January 5, 2025. Learn more and find resources for Drupal 7 sites
TFA 1.x documentation. 1.x releases are no longer recommended or supported.
Second-factor authentication for Drupal sites. Drupal provides authentication via something you know, a username and password. TFA module adds a second step for authentication by requiring the entry of a unique, per-user code. The TFA code can be sent out over mobile phone SMS (recommended) or via email. Read more and install the module.
Preface on terminology #
Because the TFA module is configurable and pluggable it may help to better understand some terminology before configuring.
- TFA process
- The "TFA process" is what happens when normal Drupal login is interrupted and the user is informed that a code has been sent to them via the "communication channel" and the code entry form is provided. Upon correct code entry authentication is completed and the user is logged into Drupal.
- Communication channel
- The means to send a "TFA code" to the authenticating user. By default the TFA module integrates with the SMS Framework module to provide a variety of SMS carrier gateway integration, include Twilio.
- Account "address" or "field"
- Along with having a method to send the TFA code (the "communication channel"), the module also requires a place to send it, the "address". Since the SMS Framework operates on mobile phone numbers, TFA must know the user's phone number. If the phone number is stored as a field on the account object then the field is the "address" that TFA module will use.
- TFA code
- The unique, automatically generated code that is sent to the user along the "communication channel".
TFA module configuration #
With the module installed, visit the configuration page to begin setup of TFA. For Drupal 7 the configuration page is at admin/config/people/tfa and for Drupal 6 it is admin/settings/tfa.
Using SMS
To transfer the TFA code via SMS download and install the SMS Framework module and choose an appropriate SMS gateway (consult the SMS Framework documentation for more details on its configuration).
- Create an account field to store phone numbers (on Drupal 7 go to admin/config/people/accounts/fields or use a profile field in Drupal 6)
- Select that field in the TFA configuration form
Following screenshot shows TFA module configured to use SMS Framework and with account field "Phone" for storing the user's phone number. The phone field is a user field for storing text.
Customize TFA channel / Using the TFA API #
TFA module comes with an API to customize the communication channel, address storage, and code transmission method. See the tfa.api.php file in the module's root directory for more information.
Troubleshooting #
SMS doesn't work
Change your SMS gateway to "log only" and try again. Check the logs for entries regarding the sms code being sent. If they appear then the problem is most likely in the SMS Framework or its gateway.
Help improve this page
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion
