Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By muthanna on
Hi,
I posted this in the "News and Announcements Forum", but I thought I'd get some technical criticism here.
I've written a module that enables two-factor Authentication in Drupal. How it works:
1) User logs in with username and password.
2) Drupal verifies password and proceeds to call user on his registered phone number.
3) User answers phone and is prompted for a PIN code.
4) Drupal verifies PIN code an lets user into site.
This adds another layer of security to Drupal that passwords alone cannot provide. If an attacker has stolen a password (by sniffing, keylogging, or any other means), it would be useless to him. He would still need possession of the phone, and know the PIN code.
The module uses the Public TeleAuth Server and is available for download here.
This is my first Drupal module, so any advice on improvements would be greatly appreciated.
Thanks,
Mohit.
