By muthanna on

Hi,

I've written a module that enables two-factor Authentication in Drupal. How it works:

1) User logs in with username and password.
2) Drupal verifies password and proceeds to call user on his registered phone number.
3) User answers phone and is prompted for a PIN code.
4) Drupal verifies PIN code an lets user into site.

This adds another layer of security to Drupal that passwords alone cannot provide. If an attacker has stolen a password (by sniffing, keylogging, or any other means), it would be useless to him. He would still need possession of the phone, and know the PIN code.

The module uses the Public TeleAuth Server and is available for download here.

Comments appreciated.

Thanks,
Mohit.

Comments

gtoddv’s picture

gtoddv commented

That is a cool idea. I am in the process of implementing a statewide intranet and this might be of use. Thanks for the work.

I am currently using the securesite module.

IamPter’s picture

IamPter commented

This is cool but doesn't seem like this is meant for people without dedicated servers since some directories are inaccessible to users with shared hosting.

dharamgollapudi’s picture

dharamgollapudi commented

very interesting.
subscribing...