Secure your Drupal account with Two Factor Authentication (2FA)
Table of Contents
Introduction
In today’s digital landscape, website security has become a paramount concern for organizations and individuals alike. With the rise of cyber threats and hacking attempts, safeguarding sensitive information and ensuring user privacy are crucial aspects of maintaining a secure online presence. When it comes to content management systems (CMS), Drupal stands as a popular and powerful choice for building dynamic websites and applications. However, with its widespread usage, it becomes an attractive target for malicious actors seeking to exploit vulnerabilities and stealing sensitive information to be used for their own selfish reasons whether monetary or not.
To counter these threats and fortify Drupal accounts, implementing robust security measures is imperative. One such powerful tool is Two-Factor Authentication (2FA), a method that provides an additional layer of protection beyond the traditional username-password combination. By incorporating 2FA into Drupal, users can enhance the security of their accounts and significantly reduce the risk of unauthorized access.
Among the various 2FA methods available, SMS-based authentication stands out as a reliable and widely adopted approach. This method involves the user receiving a one-time verification code via SMS to their registered mobile phone number, which they must input along with their username and password during the login process. This simple yet effective technique adds an extra barrier that ensures only authorized individuals can access the Drupal account.
The importance of securing your Drupal account using SMS-based 2FA cannot be overstated. This article will delve into the significance of implementing 2FA, specifically focusing on the SMS authentication method, in Drupal. We will explore how to setup 2FA in your Drupal site. By the end, you will be equipped with the knowledge to fortify your Drupal account and mitigate the risks associated with unauthorized access. Let’s embark on this journey to strengthen your Drupal security with the power of Two-Factor Authentication.
If you prefer a video tutorial, you can find it here
Step 1: Install MoceanAPI 2FA
1. To install, you need to navigate to your Drupal site’s directory in your server using a terminal
2. Run the command below
composer require "drupal/telephone_validation:^2.4"
composer require "drupal/mocean_sms_login:^3.0"
After downloaded MoceanSMS Login and Telephone number package in drupal, you need to enable it in your Drupal Administration.
Activate MoceanSMS Login: Manage -> Extend -> Search for Mocean
Activate Telephone Number: Manage -> Extend -> Search for Telephone
Tick the box and click on Install. Make sure to install both MoceanSMS Broadcast and Telephone Number
Step 2: Connect MoceanAPI account
Configure Telephone Number Field
After you’ve installed & Enabled MoceanAPI SMS Broadcast, you need to specify the telephone field to use for sending SMS to.
Navigate to Manage -> Configuration -> People -> Account Settings -> Manage Fields
Click on Add Fields, select Telephone Number and copy the Machine Name and save it.
Configure 2FA opt-in permission
Navigate to Manage -> People -> Permissions -> MoceanSMS Login
Check the box Enable and Disable MoceanSMS Login for Authenticated User
Configure MoceanAPI Credentials
Navigate to Manage -> Configuration -> MoceanSMS Setting
Get your MoceanAPI Credentials from Mocean Dashboard. Create an account here in less than 3 minutes if you don’t already have an account
Enter your credentials as well as the telephone field you get from previous step
Step 3: Initiate Two Factor Authentication
Create a user and login as the user.
You’ll see that your user have the option to opt-in or opt-out of 2FA login.
After they’ve opted-in, we will send them a 2FA code
And we will also send 2FA prompts to them whenever they logged in
Ta-daaaa, that’s how easily you can integrate MoceanAPI 2FA Login to secure your user’s accounts in your Drupal Site.
