It comes with the following two-factor authentication methods:
Additional features you will like:
- Interface for custom two-factor authentication methods
- Trusted IPs
- Trusted devices (once passed, no more two-factor authentication on that device)
- Single-use backup codes for when you don't have access to the second factor device
- Multi-factor authentication (more than 2 steps)
- CSRF protection
- Whitelisted routes (accessible during two-factor authentication)
composer require scheb/two-factor-bundle
... and follow the installation instructions.
Detailed documentation of all features can be found in the Resources/doc directory.
|1.x||EOL||>= 2.1, < 2.7|
|2.x||EOL||^2.6, ^3.0, ^4.0|
|3.x||EOL||3.4, ^4.0, ^5.0|
|4.x||Maintained||3.4, ^4.0, ^5.0|
|5.x||In Development||4.4, ^5.0|
If you think that you have found a security issue in the bundle, don't use the bug tracker and don't publish it publicly. Instead, please report via email to email@example.com.
Known security issues:
Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication. (#143)
Before versions 3.26.0 / 4.11.0 it was possible to bypass two-factor authentication when the remember-me option is available on the login form. (#253)
This bundle is available under the MIT license.