Drupal 8: How To Setup Two-Factor Authentication

This tutorial will show you how to setup two-factor authentication in Drupal 8/9.

INSTALL/ENABLE

1) Install/Enable the following modules:

• Two-factor Authentication (TFA)
• Real AES
• Key
• Google Authenticator login

2) Install Google Auth Login dependency 

composer require christian-riesen/otp

CREATE KEY

3) Create a “Key name” and “Description”

4) Create a KEY

goto: /admin/config/system/keys/add

5) Choose “Key Type”: “Encryption”

6) Choose “Key size”: “256”

7) Enter key value. Generate a 256 bit encryption string and paste it in the text field.

8) Click “Save”

CREATE PROFILE

9) Create a PROFILE

goto: /admin/config/system/encryption/profiles/add

10) Create a profile Label

11) For “Encryption Method”, select “Authenticated AES (RealAES)”

12) For “Encryption Key”, select the KEY you created

13) Click “Save”

SETUP TFA CONFIG

14) Configure TFA Settings

goto: /admin/config/people/tfa

15) Select “Enable TFA”

16) Select role (“Authenticated user” for everyone)

17) For “Allowed Validation plugins:”, select “GA Login Time-based OTP(TOTP)”

18) For “Default Validation plugin”, select “GA Login Time-based OTP(TOTP)”

19) For “Number of Accepted Codes”, enter “2”

20) For “Encryption Profile”, select the PROFILE you created

21) For “Skip Validation”, enter “1”

22) Click “Save”

DONE! For the remaining variables, select as necessary.