Enhancing security is a major concern for all site administrators because of the increase in attacks and security breaches. Google has developed an authentication service, “Google Authenticator”, which connects a user's login details to their mobile phone. It is also known as “2-step authentication”.
Thanks to Sam Battat, that same Google Authenticator app can be used on your Moodle site to increase security.
Quick steps to configure A2FA for your Moodle site:
- Inform all your users to set up the Authenticator app before you turn on the A2FA for them.
- You need to install two plugins on your Moodle site: first A2FA, and second A2FA QR code input.
- To install these plugins, use the Moodle plugin installation interface to upload a2fa.zip and follow the installation steps (use Authentication method as the plugin type).
- Then install the afaqr plugin by uploading afaqr.zip through the plugin installation interface (choose Profile field as the plugin type).
- Once these plugins are installed, go to Site Administration > Users > Accounts > User profile fields
- Add an a2fa QR code input with the shortname a2fasecret (this name is used in the code and has to match for the system to work)
- Make this field Visible to user
- Now go to Site Administration > Plugins > Authentication > Manage authentication and enable A2FA
- Once the authentication method is enabled, go to each user you want to require to use this auth method and edit their authentication method.
- Please note that the default login page for this plugin is: http://yourmoodlesite.com/auth/a2fa/login.php
Detailed steps to configure A2FA for your site are as follows:
- Administrator access to the Moodle site.
- The Google Authenticator app on the smartphone of each user for whom you are going to set up the 2FA system. You can download it for Android phones and iPhones from the links:
- A2fa plugin from this link
- A2fa QR code input plugin from this link
- Procedure (to be followed for your Moodle site):
- Install the a2fa plugin in the yourmoodlesite/auth directory.
- Install the a2fa QR code input plugin in the yourmoodlesite/user/profile/field directory.
- Go to Site administration > Users > Accounts > User profile fields and add an a2fqr field type.
- Under the visibility settings, change the field to be visible only to the user and save the profile field.
- Then go to Administration > Plugins > Auth and enable a2fa by clicking on the closed eye icon.
- Once it is enabled, go to the list of users and click on the edit icon beside the user for whom you would like to enable a2fa authentication.
- On the edit user page, under “Choose an authentication method”, change the authentication method to the A2fa method.
- Under the Other fields section, click on “generate new secret” under the a2fa QR code field. Copy the secret and click Update profile.
- Procedure to be followed on user end:
- Inform your user about the setup of a2fa authentication for them and share the QR secret with them.
- The login URL will change for those users to yourmoodlesite/auth/a2fa/login.php and they will not be able to log in through the normal login page.
- In the Google Authenticator app, go to the account setup page and click “enter provided key”.
- Enter the shared key and a name for the service.
- Then visit the URL to log in to the site and enter your username and password along with your verification code from the Google Authenticator app.
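What the shared key is used for, as an added example (this is not code from the A2FA plugin): Google Authenticator derives each verification code from the key with TOTP (RFC 6238: HMAC-SHA1, 30-second step, 6 digits), and a site checks the submitted code the same way. The one-step acceptance window and the function names are assumptions for illustration, and the key is the published RFC 6238 test key, not a real secret.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 6238 published test key in base32 (not a real secret).
RFC_TEST_KEY = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"


def decode_key(shared_key: str) -> bytes:
    """Decode a base32 key as a user would type it: spaces, lower case, no padding."""
    cleaned = shared_key.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp(shared_key: str, at: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """Code the authenticator app shows for this key at Unix time `at`."""
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(decode_key(shared_key), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(shared_key: str, code: str, at: Optional[float] = None, window: int = 1, step: int = 30) -> bool:
    """Accept the code for the current step or `window` steps either side (clock drift)."""
    now = time.time() if at is None else at
    submitted = code.replace(" ", "").encode()
    ok = False
    for drift in range(-window, window + 1):
        moment = now + drift * step
        if moment < 0:
            continue
        # Constant-time comparison; check every step so timing does not leak which one matched.
        ok |= hmac.compare_digest(totp(shared_key, moment, step).encode(), submitted)
    return ok


if __name__ == "__main__":
    print("current code:", totp(RFC_TEST_KEY))
    print("accepted at t=59:", verify(RFC_TEST_KEY, "287082", at=59))
```

Anyone who holds the shared key can produce valid codes, so the key copied from the profile field needs the same handling as a password when it is passed to the user.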