Drupal 8 two Factor authentication using Google Authenticator app

Two-factor authentications make login process more secure by introducing additional steps for log in apart from user name and password.

Here we are discussing about how we can achieve two factor authentication in a Drupal 8 website using TFA contributed module(https://www.drupal.org/project/tfa) and Google authenticator app.

So after the integration of all dependent modules and TFA , after normal log in, users asked to enter a 6 digit code in an application verification input box. Users have to enter 6 digit code that appears in the authenticator app. Here we will discuss the whole process in detail.

Before installing TFA we have to install dependent modules and configure those modules.

We are dividing this article into the below steps.

  1. install encrypt module
  2. install and configure real_aes and key module
  3. install and configure TFA module and ga_login module

Step 1 – install encrypt module

Real aes module has a dependency on the encrypt module . so we have to install encrypt module first .


Step 2 –install  and configure real_aes and key module

We are going to configure Encryption module real_aes and key module.

Encryption Method – [Real AES](https://www.drupal.org/project/real_aes)

Some encryption method module is required to be able to use the Key and Encrypt


Install key module (https://www.drupal.org/project/key)

Then enable key and RealAES module

Real RES module need   Defuse PHP-Encryption library so you have to install this module using below composer command

composer require drupal/real_aes

next, we are going to generate an encryption key using the command prompt. This is needed in the key configuration window.

Configuration -> System->keys

Generate a base64 key in command line

Use below command in linux

`dd if=/dev/urandombs=32 count=1 | base64 -i – > /var/www/html/your_project/encrypt.key`

Visit the Keys module’s configuration page and click “Add Key”

Provide information’s below

Next step  is to define encryption profiles.

The encrypt module allows the site owner to define encryption profiles that

can be reused throughout Drupal website. The TFA module requires an encryption profile.

We already installed the encryption module. Navigate to below page

Configuration ->system->encryption profile

Click on  “Add Encryption Profile”

Fill the below details.

  • Label your Encryption Profile
  • Encryption method: “Authenticated AES (Real AES)” – or the encryption method

of your choice.

  • Encryption Key: Select the Key you created in the previous step.
  • Save

Next step install  TFA module.

Step 3 – install and configure  TFA module and ga_login module

Download TFA module from the below link.


next  we have to install Google authenticator module from below link.


This module has multiple PHP library dependencies. See below dependencies.

“chillerlan/php-qrcode”: “1.0.8”,

“christian-riesen/otp”: “2.*”

So use composer to install this module.

Use below composer command

composer require drupal/ga_login

Enable this module.

Now we have installed all required modules. Next we are going to configure TFA module.

Navigate to TFA configuration under configuration-> People.

Select Enable TFA for account authentication.

Encryption profile we have to select what we have created in the previous step.

Keep other values as default.

In the permission page, you can select roles to set up TFA of their accounts.

If this access granted user can set up TFA in their security tab of profile page.


Clicking on the link redirect to below page where you have to provide you current password.

Next page you can see the QR code.

Download  Gooogle authenticator App from app Store.

Play store link


Apple app store link


click on ‘+’ button and scan QR code. then the authenticator app will provide 6 digit verification code that you can provide in the above application verification code field.

Click verify and Save and you can see success message and list of recovery codes.

Now all set up completed. Next we are going to logout and login again using 2 factor auth.

Login using your username and password. After click on login button , system will ask verification code.

Open your Google authenticator app.

enter 6 digit code appears in authenticator app in box shown above.

After click on verify system will redirect to admin screen.


So our entire TFA set up completed and we have tested whole functionality . note one thing in your authenticator app,  you can add multiple accounts. Also 6 digit code appearing in app keep on changing within 3 -4 second.

Get Free E-book
Get a free Ebook on Drupal 8 -theme tutorial
I agree to have my personal information transfered to MailChimp ( more information )
if you like this article Buy me a Coffee this will be an ispiration for me to write articles like this.

You may also like...