This project is not covered by Drupal’s security advisory policy.

Pincode Login module provides the ability to log in using only a 4 digit pin code.
This is made possible through the use of Drupals external login API.

Pincode Login provides functionality to:
- Automatically create Users, with a unique pincode.
- Logging in to a site using previously generated pincode.

Functionality for creation of pincode users is exposed through the Rules module (
Alternatively the pincode_login_register($username, $mail) function can be used in a module or php snippet.
The pincode login module does not provide any out of the box rule sets or gui for the creation of users and distribution of pincodes, as this logic will vary greatly depending on each use case.

Functionality for logging in is provided through a login page or a block.

This module uses Drupals external login API to BYPASS Drupals login security!!
This module is LESS secure than Drupals standard login.
As this module provides login through a 4 digit pincode only, brute force attacks are an issue.
To slow down such attacks the pincode login module limits the number of login attempts pr IP adress. When a treshold for number of failed logins are reached for an IP adress, a delay is enforced before the next login attempt is allowed.
These measures makes brute forcing tedious using a single point of attack. Or requiring the like of a bot network to quickly break in.
But even with these measures, the pincode login module is still less secure than Drupals standard login mechanisms.

But knowing these limitations and dangers, if you limit the permissions of users logging in with a pincode, nothing too bad will happen to you.

A typical scenario for using this module would be a resource to be made available for a short time, where you don't want to bother the user with another registration process. User creation is automated, and all you need from the user is a mean of distributing the Pincode. This could be mail or sms or any other mean.

Project information