Extends security of drupal websites with 2-step phone code authentication using Android app Drulapp. This is done by splitting login screen in to two pages, one for login credentials and another for submitting code generated on phone. Code generation and Authentication is based on rfc6238 which will be valid for 30 seconds. (with one past "time step window". see the link for why it is needed).


  • Partially works offline. This is done by setting validity in days(just like Drupal core's cache validity). After validity expired Drulapp app must connect to website to get the updated buttons.
  • All device id and user related information are hashed using Sha256 and Hex encoded.
  • Configure to restrict Role(s) to whom 2-step authentication is required.
  • Flood control while device registration (code copied from drupal 7 core)
  • Device expiration and validity configuration.This will force the users to re-authenticate their device to keep their account secured.
  • Third party authentication NOT required anymore.
  • Third party SMS/OTP services NOT required anymore.
  • Configurable code length. Default is 6 digits.

Drupal 7
Drualapp android app.

publish this module on drupal.org. submitted sandbox project at https://www.drupal.org/sandbox/nithinkolekar/2856406

Alphaaa release, use with caution!