A TOTP authenticator for use with silverstripe/mfa
Log in to SilverStripe with an authenticator app on your phone as a secondary factor, using a time-based one-time
This module provides a TOTP authenticator that plugs in to the silverstripe/mfa
For more information about TOTP, see RFC 6238.
Install with Composer:
composer require silverstripe/totp-authenticator ^4.0
For SilverStripe 3.7 support, please use
You will need to define an environment variable named
SS_MFA_SECRET_KEY with a random secret key, which is used
for encrypting the TOTP secret. The authentication method will not be available for use until this is correctly defined.
Please note that existing registered TOTP methods for users will not be usable on environments with different values
SS_MFA_SECRET_KEY than they were registered in.
You can also configure the length of the TOTP secret. This is the code that is displayed to users when they register
to use TOTP, for example "alternatively, enter this code manually into your app." The default length is 16 characters.
If you do not want to support manual code entry in your project, you may want to increase the length in order to
increase the entropy of the TOTP secret, however removing the secret from the UI will require adjustments to the React
components. See the
RegisterHandler.secret_length configuration property.
SilverStripe\TOTP\RegisterHandler: secret_length: 64
If you want to change the length of the TOTP codes the application accepts, you can adjust
default length is 6 characters.
SilverStripe\TOTP\Method: code_length: 10
When this method is used on the website during the multi-factor login process, it may show a "find out more" link
to user documentation. You can disable this by nullifying the configuration property
or you can change it to point to your own documentation instead:
SilverStripe\TOTP\RegisterHandler: user_help_link: 'https://intranet.mycompany.com/help-docs/using-totp'
Bugs are tracked in the issues section of this repository. Before submitting an issue please read over
existing issues to ensure yours is unique.
If the issue does look like a new bug:
Please report security issues to the module maintainers directly. Please don't file security issues in the bug tracker.
If you would like to make contributions to the module please ensure you raise a pull request and discuss with the
Module rating system helping users find modules that are well supported. For more on how the rating system works visit Module standards
Score not correct? Let us know there is a problem