Drupal 8 Improve Weak Authentication with OTP on Reset Password
Shamsher Alam
Senior Solutions Specialist - Drupal @ Nasdaq | Blogger | Trainer | Drupal Enthusiast | Mentor | Drupal 7, 8, 9, 10 Acquia Certified
Introduction
This module helps achieve two-factor authentication (2FA) by sending an OTP via email and validating it. This process is often referred to as two-step verification: a security process in which the user provides two authentication factors to verify they are who they say they are.
It enhances the authentication of the reset-password workflow by adding email OTP verification on top of the one-time reset link.
How does it work?
- The process begins when a user initiates a password reset. Once the reset workflow has been started, the user receives two emails: one is the usual reset-password email, the other is the Email OTP, which contains a six-digit verification code.
- After clicking the reset-password link, the user has to enter the Email OTP into the provided OTP verification text field. The submitted value is verified against the OTP saved for the current user. Only if the stored OTP has not expired and the submitted code matches is the password reset allowed; otherwise the user is prompted with "Either OTP has expired or invalid OTP provided."
Please follow these screenshots to configure this module.
Module Configuration Steps:
- Enable the module normally.
- Go to the URL "admin/config/integration/reset-email-otp-auth".
- Set the configuration: mail template, wrong-attempt limit and length of the OTP (number of characters).
- Make sure the [OTP] placeholder is present in the Body template; it is replaced with the generated code when the mail is sent.
- Save the configuration form and go to "admin/structure/block".
- Go to the Content region and add the OTP form block. Set the block's visibility to the URL pattern "/user/reset/*".
- Save the form block.
Features Flow:
- A user may initiate a password reset more than once; only the most recently issued OTP is valid.
- The user gets two mails: one with the OTP and one with the one-time reset URL.
- When the user opens the one-time URL, Drupal asks for the OTP before proceeding.
- Once the OTP is validated, the user can reset his or her password.
- If the user enters a wrong OTP more than six times, the user account is blocked and a block notification mail is sent.
Directory Structure:
Generate OTP combination:
Validate OTP and redirect to user profile form.
User Block on wrong attempt
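The three screenshots above (OTP generation, OTP validation, and blocking on wrong attempts) correspond to the core logic of the flow. As an added illustration that is not the module's own code, the following framework-free PHP models that logic end to end: a CSPRNG-generated numeric code, hashed-at-rest storage with an expiry, single use, replacement of any earlier code when the user re-requests a reset, and a per-user wrong-attempt counter that blocks the account at the configured limit. The class and method names (OtpService, issue, verify, isBlocked), the in-memory store, the fixed clock and the sample user id 42 are all assumptions made for this example; a real Drupal module would persist the record in its own storage and block the account through the User entity.

```php
<?php
// Added example, not the reset_pass_email_otp_auth module's code.
// Models the flow described in the post: generate -> mail -> verify -> reset or block.
declare(strict_types=1);

final class OtpRecord
{
    public function __construct(
        public string $hash,      // bcrypt hash of the code; the plain code is never stored
        public int $expiresAt     // unix timestamp after which the code is rejected
    ) {}
}

final class OtpService
{
    /** @var array<int, OtpRecord> live code per user id (assumed in-memory store) */
    private array $store = [];
    /** @var array<int, int> consecutive wrong attempts per user id */
    private array $wrong = [];
    /** @var array<int, bool> users blocked by this service */
    private array $blocked = [];

    public function __construct(
        private int $length = 6,          // "length of OTP" setting
        private int $ttlSeconds = 600,    // assumed expiry window
        private int $maxWrongAttempts = 6 // "wrong attempt limit" setting
    ) {}

    /** Issue a fresh numeric OTP; any earlier code for this user is replaced. */
    public function issue(int $uid, int $now): string
    {
        $otp = '';
        for ($i = 0; $i < $this->length; $i++) {
            // random_int() is a CSPRNG; rand()/mt_rand() must not be used for codes.
            $otp .= (string) random_int(0, 9);
        }
        $this->store[$uid] = new OtpRecord(password_hash($otp, PASSWORD_DEFAULT), $now + $this->ttlSeconds);
        return $otp; // this value fills the [OTP] placeholder of the mail body template
    }

    public function isBlocked(int $uid): bool
    {
        return $this->blocked[$uid] ?? false;
    }

    /**
     * Returns true only if an unexpired code exists for the user and matches.
     * Wrong guesses are counted per user (not per code) so re-requesting a
     * reset does not reset the counter; at the limit the account is blocked.
     */
    public function verify(int $uid, string $submitted, int $now): bool
    {
        if ($this->isBlocked($uid)) {
            return false;
        }
        $rec = $this->store[$uid] ?? null;
        if ($rec === null || $now > $rec->expiresAt) {
            return false; // "Either OTP has expired or invalid OTP provided."
        }
        if (password_verify($submitted, $rec->hash)) { // constant-time comparison
            unset($this->store[$uid], $this->wrong[$uid]); // single use, counter cleared
            return true;
        }
        $this->wrong[$uid] = ($this->wrong[$uid] ?? 0) + 1;
        if ($this->wrong[$uid] >= $this->maxWrongAttempts) {
            $this->blocked[$uid] = true;   // the module also sends the "blocked" mail here
            unset($this->store[$uid]);
        }
        return false;
    }
}

function check(bool $cond, string $what): void
{
    if (!$cond) {
        throw new RuntimeException("check failed: $what");
    }
}

// Walk through the feature flow with a fixed clock (constructed sample data).
$svc = new OtpService(length: 6, ttlSeconds: 600, maxWrongAttempts: 6);
$uid = 42;
$t0  = 1_700_000_000;

$first  = $svc->issue($uid, $t0);
$second = $svc->issue($uid, $t0 + 5);          // reset requested twice: only the last is valid
check($svc->verify($uid, $first,  $t0 + 10) === false, 'superseded code rejected');
check($svc->verify($uid, $second, $t0 + 10) === true,  'current code accepted');
check($svc->verify($uid, $second, $t0 + 11) === false, 'code is single use');

$third = $svc->issue($uid, $t0 + 20);
check($svc->verify($uid, $third, $t0 + 20 + 601) === false, 'expired code rejected');

$fourth = $svc->issue($uid, $t0 + 30);
$wrongGuess = ($fourth === '000000') ? '111111' : '000000'; // guaranteed wrong
for ($i = 0; $i < 5; $i++) {                   // one wrong attempt was already counted above
    $svc->verify($uid, $wrongGuess, $t0 + 31);
}
check($svc->isBlocked($uid) === true, 'account blocked at the wrong-attempt limit');
check($svc->verify($uid, $fourth, $t0 + 32) === false, 'blocked user cannot verify');
echo "all checks passed\n";
```

Two design points worth carrying into the real module: the wrong-attempt counter is keyed by user rather than by code, so a user cannot dodge the limit by requesting a new reset mail after five bad guesses; and because the code is short (six digits) and mailed in clear, the expiry window and the attempt limit are what keep online guessing infeasible, so neither should be configured generously.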
Drupal is one of the world's leading content management systems. It is used on a large number of high-profile sites and is known for its security and extensibility.
Please use this module and refer to its issue queue to help make it more secure.
Drupal.org: https://www.drupal.org/project/reset_pass_email_otp_auth
Thanks
Shamsher Alam