Protect your Drupal site from unauthorised access
Have you ever thought about what would happen if an unauthorised person were to gain access to the backend of your Drupal website via an admin or editor login?
As well as the risk of your website being defaced or even taken down entirely by such an attack, your organisation also risks breaching GDPR if user data or other sensitive information stored within your website becomes exposed. Your organisation's brand and reputation also suffer greatly from such unwanted activity.
It's a scary scenario to imagine - but it could easily become a reality in this world of ever-increasing cyber security attacks.
Multi-Factor Authentication (MFA) is a must-have security measure for any diligent business or organisation looking to minimise the risk of its key Drupal user accounts being exploited.
Adding this simple additional login step for administrator and site editor users could be the difference between your site remaining protected and a vital user account being accessed and exploited through a phishing or other cyber security attack.
What is 2FA / MFA?
Two-Factor or Multi-Factor Authentication (2FA / MFA) is becoming an increasingly common practice when logging into websites and other digital services.
It provides an additional layer of security to user accounts and ensures that even if a user's login credentials become exposed, a successful login still cannot take place without additional authentication.
For genuine users, one simple extra authentication step when logging into the website is all that is needed to confirm their identity; they can then proceed as normal with managing the website.
The authentication step is typically completed by either:
- clicking a link sent in an email
- receiving and keying in a code sent by SMS message to a mobile
- keying in a code from an authenticator app such as Google Authenticator, Microsoft Authenticator or Authy.
By successfully completing this quick extra step, the user is confirming that it is genuinely them and not someone who has fraudulently obtained their login credentials. The process also acts as an alert to the real user if a fraudulent login attempt takes place.
Simple to use...
Your organisation's admin or editor user visits your website and proceeds to log in as normal with their username and password.
After entering their login details, the user is then prompted to verify themselves via their chosen authentication method.
Access to the website is only gained when the authentication step is successfully completed to prove the login is from the genuine user.
The Drupal MFA solution from Adaptive
Although there are a handful of Drupal modules out there that look to offer 2FA / MFA solutions, we have found that each has significant drawbacks. Modules are either not yet fully developed, not covered by Drupal’s security advisory policy, or limited to working only with very specific services or authentication methods.
Because of this, we've created our own MFA solution for Drupal sites which integrates a leading MFA tool seamlessly into existing Drupal websites.
The MFA solution is then configured to trigger for the specific user accounts that you wish to protect (i.e. it can be added to your organisation's admin and editor user accounts without affecting your public users' login process). You can also choose which authentication method(s) each user can use when logging into the site.
Set-up and Plans
MFA for your Drupal website is available for a one-time setup fee plus a monthly subscription based on the number of user accounts that you wish to protect with MFA.
The initial set-up includes full installation of the MFA solution on your website and configuration of each individual user's MFA settings.
Adaptive will also perform a wider user security audit to identify any other potential issues or risks that may affect the security of your key user accounts, and will offer recommendations for further securing them in addition to adding MFA to your site.
The monthly subscription includes all licensing costs plus any MFA-related support for the website or users and help with adding further users to MFA (within your plan limit) as and when needed.