A2FA or Etouffee as I like to call it!

A2FA is multi-factor authentication plugin that uses time-based tokens generated every 60 seconds in Google Authenticator app. A2FA Stands for Another Two-Factor Authentication

This plugin requires another small plugin (profile field plugin) get it from here [link to afaqr]

The field is to add a QR code for the user to be able to sync Google Authenticator with the a2fa system.

Installation:

To install these plugins use moodle plugin installation interface to upload a2fa.zip and follow installation steps (use Authentication method as plugin type).

Or upload the a2fa folder to /auth/ directory and follow installation steps after you visit your site's main page.

Then install the afaqr plugin by uploading the afaqr.zip using the plugin installation interface (Choose profile field as a plugin type)

• Once these plugins are installed, go to Site Administration > Users > Accounts > User profile fields

• Add an a2fa QR code input with the shortname a2fasecret (This name is being used in the code and has to match for the system to work)

• Make this field Visible to user

Now go to Site Administration > Plugins > Authentication > Manage authentication and enable A2FA

Once the authentication method is enable go to the user that you want to force using this auth method and edit their authentication method.

How to set up A2FA for a user:

If you set the login methed for your user(s) to be A2FA the user cannot login to set up their Authenticator app with the QR code because they don't have the 60-second password on their phone or tablet to log in (it is not yet set up)

One way to solve this issue is by generating the QR code and email it to your user, or have tell your users to set up the Authenticator app before you turn on the A2FA for them (Give them a week or so for example)

How to login:

Once the A2FA is activated for a user, the default login page does not allow the user to successfully login because it does not have the required field for the one-time token generated by Goodle Authenticator app.

The default login page for this plugin is:

yourmoodlesite.com/auth/a2fa/login.php

You could make this login page the default for all users but if a user does not have the A2FA set up or enabled they will not be able to login. So rather, just have your A2FA user go to the above url to login.