
Security in Drupal

Authentication improvements

Last updated on
7 November 2025

This section is not intended to be a list of available authentication endpoints for Drupal, or a third-party integration module list. The modules included here improve the authentication mechanism. Drupal authentication is based on username and password credentials stored in the database. The user is validated against the site user list and authorized. The following modules include additional elements in the form submission or replace current fields with more secure elements. Some of the modules listed here duplicate the functionality of others.

  • Two-factor Authentication: base pluggable module for providing two-factor authentication for your Drupal site.
  • Duo Two-factor Authentication: Duo is the simplest and safest way to secure any Internet login or transaction. Duo uses your users' existing mobile devices for strong, usable, and safe two-factor authentication.
  • SAML SSO - Service Provider: This module lets users log in to Drupal using their existing credentials from any Identity Provider (Okta, Azure AD, Google Workspace, Keycloak, etc.). This module is built for performing SSO using the SAML protocol. There's also an alternative module that gets the work done using the OAuth/OIDC protocol. It has advanced features such as custom role and attribute mapping, multi-tenant configuration, and more. Everything you need for seamless Single Sign-On is built right in.
    The contrib version of the module works just fine, but some of the advanced features require a paid subscription to miniOrange.
  • Yubikey: YubiKey is a secure method for logging into many websites using a cryptographically secure USB token. It does not require special software, and since it does not generate the same OTP (One Time Password) more than once, nothing is shared among associated sites.
  • TUPAS Authentication: Finnish banks’ Tupas certification service allows businesses and organisations providing Internet services to authenticate their customers with Tupas certificates issued by the Tupas service. In the Tupas service a bank authenticates a customer by a strong authentication method. The Tupas certificates issued by the service can also be used for signing documents electronically if so agreed by the customer and the service provider. This module provides Drupal integration to Tupas certification service and it can be used for using digital signatures to grant additional permissions for users.
  • Certificate Login: Authenticate users using a certificate.
  • OpenID Integration: Log in securely through other providers' SSL authentication using an OpenID identifier. OpenID is in core in Drupal version 6.
  • OAuth: OAuth is a complete standard for external API authentication. You can integrate your Drupal site with external data from Google, Flickr, Twitter, Ma.gnolia, Yahoo and other Drupal sites that use the Web Services module. You can also let other sites use your site's data, by using the Web Services module with OAuth as the authentication method for security.
  • Site Pass: Instead of having to remember passwords, users simply request a Site Pass when they need one. (This is similar to the way that airlines allow you to do online check-in with just an Itinerary Number instead of a username/password pair.) Checks for invalid login attempts using the Site Pass key.
  • Secure Login: Secure Login module enables the user login and other forms to be submitted securely via HTTPS, thus preventing passwords and other private user data from being transmitted in clear text. For Drupal 7, Secure Login module also enforces secure authenticated session cookies, thus preventing session sidejacking.
  • 2FA: It is an easy-to-use yet efficient module that adds an extra layer of security to your Drupal login.
    It supports all the standard authentication methods (OTP, TOTP and HOTP) as well as a few nifty ones like FIDO2. The module also offers an intuitive dashboard for administrators, along with an auditing tab for bulk user management and activity tracking. Additionally, admins can enforce 2FA policies for specific users or roles, making it a complete solution for managing authentication security in Drupal. The development of the module is supported by miniOrange, a company specializing in IAM. This module may require a paid subscription to unlock all the features.
     
