Provides two-factor authentication for Symfony applications

Installs: 952 918

Dependents: 16

Suggesters: 1

Security: 0

Stars: 325

Watchers: 16

Forks: 105

Open Issues: 4


v4.11.0 2019-12-08 16:03 UTC


Build Status Scrutinizer Code Quality Code Coverage Latest Stable Version Total Downloads License

This bundle provides two-factor authentication for your Symfony application. It comes with the following two-factor authentication methods:

  • Google Authenticator
  • Email authentication code

Additional features you will like:

  • Interface for custom two-factor authentication methods
  • Trusted IPs
  • Trusted devices (once passed, no more two-factor authentication on that device)
  • Single-use backup codes for when you don't have access to the second factor device
  • Multi-factor authentication
  • CSRF protection
  • Whitelisted routes (accessible during two-factor authentication)


composer require scheb/two-factor-bundle

... and follow the installation instructions.


Detailed documentation of all features can be found in the Resources/doc directory.


  • Use bundle version 4.x for Symfony 3.4 and 4.x (Recommended version)
  • Use bundle version 2.x for Symfony < 3.4
  • Use bundle version 1.x for Symfony < 2.6


Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication. (#143)

Before versions 3.26.0 / 4.11.0 it was possible to bypass two-factor authentication when the remember-me option is available on the login form. (#253)


You're welcome to contribute to this bundle by creating a pull requests or feature request in the issues section. For pull requests, please follow these guidelines:

  • Symfony code style (use php_cs.xml to configure the code style in your IDE)
  • PHP7.1 type hints for everything (including: return types, void, nullable types)
  • declare(strict_types=1) must be used
  • Please add/update test cases
  • Test methods should be named [method]_[scenario]_[expected result]

Besides new features, translations are highly welcome.

To run the test suite install the dependencies with composer install and then execute bin/phpunit.


This bundle is available under the MIT license.