This project is not covered by Drupal’s security advisory policy.

This module includes a secure method for multi-factor authentication using VoIP Drupal and phone based pin numbers. This enhancement to basic authentication greatly improves security especially for site admins.

How Multi-Factor Pin Authentication Works:

User Scenario:

  1. Existing user adds a pin and phone number to predefined profile fields.
  2. User logs out of the site.
  3. User attempts to login with username and password.
  4. A call is submitted to VoIP Drupal and the user receives a call.
  5. The user will be instructed to enter their pin and will have 60 seconds to do so.
  6. If the user enters the pin correctly they're logged in as normal. If the user doesn't know the pin or time runs out they are redirected to the login page.

    7. It's that simple!

Included Modules

  • multifactor - Multi-Factor Core which provides hooks for during the login process and takes care of loading the user and profile fields. This is a developer only module and is normally a requirement for other multi-factor modules to work.
  • multifactor_call - Multi-Factor Call is a module that implements several Multi-Factor Core hooks. It leverages Drupal VoIP to call a user and request they enter a predetermined pin number of the user's choosing. If successful they are logged into the site. On failure the user is asked to try again. If the user takes more then 60 seconds the process is scraped.

Roadmap -

Current Development:

  • Multi-Factor Pin authentication based on VoIP Call Prompts.

Todo:

  • Developer Hooks to create other multi-factor modules. (Implemented in beta1)
  • Multi-Factor Pins based on Text Messaging.
  • RSA Style Pin based authentication with Voice or Text.

alpha - beta - stable release cycle

  • Alpha - initial code working correctly in my dev.
  • Beta - Hookify complete, authentication types are modular, code organization is complete.
  • Stable - Community feedback shows overall success. All VoIP Drupal drivers are working.

Requirements:

  1. VoIP Drupal.
  2. An account with one of the supported VoIP Drupal providers.
  3. Two private profile fields:

The following profile fields must be setup manually

  • profile_multifactor_number
  • profile_multifactor_pin

Documentation soon.

Project information

  • caution Seeking co-maintainer(s)
    Maintainers are looking for help reviewing issues.
  • Created by ben.bunk on , updated
  • shield alertThis project is not covered by the security advisory policy.
    Use at your own risk! It may have publicly disclosed vulnerabilities.

Releases