PHPackages roelvanhintum/craft-twofactorauthentication - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. roelvanhintum/craft-twofactorauthentication ActiveCraft-plugin[Authentication & Authorization](/categories/authentication) roelvanhintum/craft-twofactorauthentication =========================================== Craft 4 plugin for two-factor or two-step login using Time Based OTP. 3.4.0(1y ago)3623↓50%27[2 issues](https://github.com/roelvanhintum/craft-twofactorauthentication/issues)MITPHPPHP ^8.1 Since May 5Pushed 5mo ago4 watchersCompare [ Source](https://github.com/roelvanhintum/craft-twofactorauthentication)[ Packagist](https://packagist.org/packages/roelvanhintum/craft-twofactorauthentication)[ Docs](https://github.com/born05/craft-twofactorauthentication)[ RSS](/packages/roelvanhintum-craft-twofactorauthentication/feed)WikiDiscussions craft-4 Synced 1mo ago READMEChangelog (10)Dependencies (3)Versions (73)Used By (0) [![Two-Factor Authentication](https://raw.githubusercontent.com/roelvanhintum/craft-twofactorauthentication/craft-3.1/plugin-icon.png)](https://raw.githubusercontent.com/roelvanhintum/craft-twofactorauthentication/craft-3.1/plugin-icon.png) Two-Factor Authentication ========================= [](#two-factor-authentication) Craft 4 plugin for two-factor or two-step login using Time Based OTP (TOTP, like Google Authenticator). Every user can setup TOTP themselves, the plugin does not force users. Admins can list usage in user tables. Inner working ------------- [](#inner-working) Login works as usual for users without 2-factor auth. When enabled, the user is redirected to the 2-factor verification page after login. This means the user is already logged in. When the user tries to visit an other Control Panel page than the public ones before verification, the logout is triggered. This blocks the user from visiting the CP unverified. Requirements ------------ [](#requirements) - Craft 4.0.0 and up - PHP 8.1 and up Setting up back end 2FA ----------------------- [](#setting-up-back-end-2fa) - Set `verifyBackEnd` to `true` in the config file (this is the default). - Set `forceBackEnd` to `true` if you want to prevent users from accessing the control panel without first enabling 2FA. Setting up front end 2FA ------------------------ [](#setting-up-front-end-2fa) When using a login for front end users, the following steps add 2FA support. - Copy the [two-factor-authentication.php](https://github.com/roelvanhintum/craft-twofactorauthentication/blob/craft-3.1/examples/two-factor-authentication.php) file to your `config/` folder. - Set `verifyFrontEnd` to `true` in the config file. - Define what urls should be protected with 2FA verification. Choose between using the `frontEndPathAllow` or `frontEndPathExclude`! Using both will block everything! See config for additional info. - Build a 2FA login-verify form accessible by url like the [example twig](https://github.com/roelvanhintum/craft-twofactorauthentication/blob/craft-3.1/examples/login-verify.twig). - Set the `verifyPath`. For our `login-verify.twig` example the path would be `login-verify`. - Allow users setting up 2FA in front end by building a template like the [example twig](https://github.com/roelvanhintum/craft-twofactorauthentication/blob/craft-3.1/examples/two-factor-settings.twig). - Set the `settingsPath`. For our `two-factor-settings.twig` example the path would be `two-factor-settings`. Setting up config ----------------- [](#setting-up-config) Copy the [two-factor-authentication.php](https://github.com/roelvanhintum/craft-twofactorauthentication/blob/craft-3.1/examples/two-factor-authentication.php) file to your `config/` folder. Resetting a user's 2FA ---------------------- [](#resetting-a-users-2fa) Simply remove the user's `twofactorauthentication_user` record. This disables 2FA for that user. Screens ------- [](#screens) #### Setting screen when turning 2FA on [](#setting-screen-when-turning-2fa-on) [![Setting screen when turning 2FA on](https://raw.githubusercontent.com/roelvanhintum/craft-twofactorauthentication/craft-3.1/settings-turn-on.png)](https://raw.githubusercontent.com/roelvanhintum/craft-twofactorauthentication/craft-3.1/settings-turn-on.png) #### Setting screen when turning 2FA off [](#setting-screen-when-turning-2fa-off) [![Setting screen when turning 2FA off](https://raw.githubusercontent.com/roelvanhintum/craft-twofactorauthentication/craft-3.1/settings-turn-off.png)](https://raw.githubusercontent.com/roelvanhintum/craft-twofactorauthentication/craft-3.1/settings-turn-off.png) #### Login verification screen [](#login-verification-screen) [![Login verification screen](https://raw.githubusercontent.com/roelvanhintum/craft-twofactorauthentication/craft-3.1/login-verification.png)](https://raw.githubusercontent.com/roelvanhintum/craft-twofactorauthentication/craft-3.1/login-verification.png) ### Health Score 49 — FairBetter than 95% of packages Maintenance52 Moderate activity, may be stable Popularity21 Limited adoption so far Community23 Small or concentrated contributor base Maturity87 Battle-tested with a long release history Bus Factor1 Top contributor holds 56.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~39 days Total 68 Last Release 682d ago Major Versions 1.1.0 → 2.0.0-beta2018-06-29 2.10.0 → 3.0.0-beta.12022-05-09 2.10.1 → 3.1.02023-03-31 2.11.0 → 3.2.02023-05-04 2.11.1 → 3.2.12023-07-06 PHP version history (3 changes)2.8.0PHP >=7.3 3.0.0-beta.1PHP ^8.0.2 3.3.3PHP ^8.1 ### Community Maintainers ![](https://www.gravatar.com/avatar/8537e156b8ddbf7fd474fec0f04d7282a71526455454bb804defd7b065c4a28d?d=identicon)[roelvanhintum](/maintainers/roelvanhintum) --- Top Contributors [![roelvanhintum](https://avatars.githubusercontent.com/u/1023734?v=4)](https://github.com/roelvanhintum "roelvanhintum (22 commits)")[![mike-moreau](https://avatars.githubusercontent.com/u/92817780?v=4)](https://github.com/mike-moreau "mike-moreau (4 commits)")[![romainpoirier](https://avatars.githubusercontent.com/u/4634192?v=4)](https://github.com/romainpoirier "romainpoirier (3 commits)")[![nmenglund](https://avatars.githubusercontent.com/u/4630452?v=4)](https://github.com/nmenglund "nmenglund (2 commits)")[![RobErskine](https://avatars.githubusercontent.com/u/1895120?v=4)](https://github.com/RobErskine "RobErskine (1 commits)")[![samuelbirch](https://avatars.githubusercontent.com/u/13586?v=4)](https://github.com/samuelbirch "samuelbirch (1 commits)")[![Tim-Wils](https://avatars.githubusercontent.com/u/90032?v=4)](https://github.com/Tim-Wils "Tim-Wils (1 commits)")[![brandonkelly](https://avatars.githubusercontent.com/u/47792?v=4)](https://github.com/brandonkelly "brandonkelly (1 commits)")[![weotch](https://avatars.githubusercontent.com/u/77567?v=4)](https://github.com/weotch "weotch (1 commits)")[![coxeh](https://avatars.githubusercontent.com/u/1218712?v=4)](https://github.com/coxeh "coxeh (1 commits)")[![mikestecker](https://avatars.githubusercontent.com/u/407465?v=4)](https://github.com/mikestecker "mikestecker (1 commits)")[![RichardJong](https://avatars.githubusercontent.com/u/1917924?v=4)](https://github.com/RichardJong "RichardJong (1 commits)") --- Tags authenticationcraftcmscraftcms-pluginlogintwo-factortwo-stepAuthenticationTwo Factor Authenticationtwo-factortwo-steplogincraftcmscraftcms-plugin ### Embed Badge ![Health badge](/badges/roelvanhintum-craft-twofactorauthentication/health.svg) ``` [![Health](https://phpackages.com/badges/roelvanhintum-craft-twofactorauthentication/health.svg)](https://phpackages.com/packages/roelvanhintum-craft-twofactorauthentication) ``` ### Alternatives [born05/craft-twofactorauthentication Craft 4 plugin for two-factor or two-step login using Time Based OTP. 36100.1k1](/packages/born05-craft-twofactorauthentication)[scheb/2fa Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install) 578630.7k1](/packages/scheb-2fa)[scheb/2fa-google-authenticator Extends scheb/2fa-bundle with two-factor authentication using Google Authenticator 298.2M30](/packages/scheb-2fa-google-authenticator)[scheb/2fa-totp Extends scheb/2fa-bundle with two-factor authentication using TOTP 292.7M21](/packages/scheb-2fa-totp)[scheb/2fa-bundle A generic interface to implement two-factor authentication in Symfony applications 6914.0M61](/packages/scheb-2fa-bundle)[scheb/2fa-trusted-device Extends scheb/2fa-bundle with trusted devices support 355.1M16](/packages/scheb-2fa-trusted-device) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)