Build Status Scrutinizer Code Quality Code Coverage Latest Stable Version License

This bundle provides two-factor authentication for your Symfony application. It comes with the following two-factor authentication methods:

  • Google Authenticator
  • Email authentication code

Additional features you will like:

  • Interface for custom two-factor authentication methods
  • Trusted IPs
  • Trusted devices (once passed, no more two-factor authentication on that device)
  • Single-use backup codes for when you don't have access to the second factor device
  • Multi-factor authentication


composer require scheb/two-factor-bundle

... and follow the installation instructions.


Detailed documentation of all features can be found in the Resources/doc directory.


  • Recommended version: Bundle version 3.x is compatible with Symfony 3.4 and 4.x
  • Use bundle version 2.x for Symfony < 3.4
  • Use bundle version 1.x for Symfony < 2.6


Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication.


You're welcome to contribute to this bundle by creating a pull requests or feature request in the issues section.

Besides new features, translations are highly welcome.

To run the test suite install the dependencies with composer install and then execute bin/phpunit.


This bundle is available under the MIT license.