Setting up Two-Factor Authentication

Last updated on 11 March 2021


Drupal.org offers an additional level of account security through two-factor authentication (TFA, also known as 2FA). This documentation page will guide you through setting up your Drupal.org account to use a second factor of authentication when you next log in.

Overview

You enable two-factor authentication for your account by synchronizing a unique secret key between drupal.org and a mobile or desktop client in your possession. This secret key is used to generate short-lived codes that act as a second factor in determining your identity when logging into drupal.org. Read more about how two-factor authentication works on wikipedia.org.

Requirements

As part of this process you'll need to download and set up a mobile or desktop client application that can generate TFA codes (known as TOTP codes). Popular client applications include Google Authenticator, Authy, and FreeOTP. During TFA setup you will be presented with a link to these various applications, or you can read more in a groups.drupal.org discussion on TOTP clients.

Setup steps

Log into your drupal.org account as you normally would.

Click on "Logged in as (your username)" to access your account page.

Click on the "Security" tab.

Click on "Setup Application".

You will be asked to confirm your current password.

You will now need to download your client application that will generate verification codes.

Once you've downloaded and configured the client application, you will need to enter the code and click the "verify and save" button to confirm the client is in sync with your Drupal.org account.

Optionally, you can mark your current browser as "trusted" -- meaning you won't need to undergo two-factor authentication the next time you log in from it. This step is only recommended when you are using a computer or device that's always under your control.

Finally, you should also generate fallback codes to use in case you lose or misplace your TFA client application or its device.

Once you've submitted the final step you have completed TFA setup for your account. You should receive an email confirming this action. From now on, unless you disable it, logging into drupal.org will require you to go through a second-factor step (unless the browser you're logging in from has been marked trusted).
