Joomla! Extensions Directory



Site Access

Joomla! 1.5, 1.6 and 2.5 two-factor authentication (T-FA) plugin for use with the Yubico Yubikey one-time-password device. An accompanying component is included to manage Yubikey users.

  • Get this

With this authentication plugin you may selectively choose which Joomla users will require a Yubikey device to log into Joomla!.

Two-factor authentication is achieved by requiring a Yubikey-enabled user to first input their Joomla! password and then adding their Yubikey one-time-password to the end of that forming a single password consisting of the user's Joomla! password and their Yubikey one-time-password concatenated to the end of that. The username/password screens of Joomla! remain the same.

You can read more about the Yubikey one-time-password authentication device from the Yubico homepage at:

We're using this to implement 2 factor authentication on all our pre-3.2 Joomla! sites and it's so simple.

Just get the API key, set up the plugin, and add your users. Couldn't be easier, and very simple to explain to clients.

Works great!

Posted on 19 December 2011

Since I am the only one who logs into my site, it was simple to integrate this into the front end of the site.

The only improvement I can think of would be to allow a more advanced login - instead of having to enter my password into the front end - use the OTP as the authenticating factor.

Otherwise, a good increase in security as far as I am concerned.

It works and it is great!

Posted on 31 August 2010

Followed all instructions and it works. Just the thing a geek may dream about.

Work Great

Posted on 28 September 2009

After installing the component and plugin on Joomla v1.5.14, everything installed well. Turned on the Plugin.

Got the API Key from the API generator.

Assigned Yubikey ID to a registered user.

The authentication key (dongle) works good on both Vista and XP platforms. Both platforms recognized and installed the necessary drivers automatically.

Entered username and password+yubikey trigger button on the dongle (do not click the login button on the login form afterwards) simply wait for it to login for you, otherwise you get an "Invalid Token". If you do click the login button and you get the error, simply click on th back button on the web browser.

Couldn't get it to work with Community Builder login form. So I simply activated both Joomla Login Form and CB Login. CB Login module I placed in Registered mode. So it wouldn't display in Public area. Also works with Creative Design popup login form as well.

So far so good. Tested it on four different web sites.

Great extension!!

Posted on 27 March 2009

Does everything its supposed to do!! Its impossible im the ony one using a yubikey to login!! took me 5 minutes to install Keep up the good work!!

Yubikey Authentication

James Cutrone
Date added:
Feb 09 2009
GPLv2 or later
Free download
Uses updater:
Download DemoNot available Support Documentation
  • Overall
  • Functionality

  • Ease of use

  • Documentation

  • Support