Provides two-factor authentication for Symfony applications

Installs: 1 172 458

Dependents: 16

Suggesters: 1

Security: 2

Stars: 340

Watchers: 17

Forks: 110

Open Issues: 1


v4.14.0 2020-02-15 13:01 UTC


Build Status Scrutinizer Code Quality Code Coverage Latest Stable Version Total Downloads License

This bundle provides two-factor authentication for your Symfony application.

It comes with the following two-factor authentication methods:

Additional features you will like:

  • Interface for custom two-factor authentication methods
  • Trusted IPs
  • Trusted devices (once passed, no more two-factor authentication on that device)
  • Single-use backup codes for when you don't have access to the second factor device
  • Multi-factor authentication (more than 2 steps)
  • CSRF protection
  • Whitelisted routes (accessible during two-factor authentication)


composer require scheb/two-factor-bundle

... and follow the installation instructions.


Detailed documentation of all features can be found in the Resources/doc directory.

Version Guidance

Version Status Symfony Version
1.x EOL >= 2.1, < 2.7
2.x EOL ^2.6, ^3.0, ^4.0
3.x Maintained 3.4, ^4.0, ^5.0
4.x Maintained 3.4, ^4.0, ^5.0
5.x In Development 4.4, ^5.0

Security Issues

If you think that you have found a security issue in the bundle, don't use the bug tracker and don't publish it publicly. Instead, please report via email to

Known security issues:

  • Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication. (#143)

  • Before versions 3.26.0 / 4.11.0 it was possible to bypass two-factor authentication when the remember-me option is available on the login form. (#253)




This bundle is available under the MIT license.