How to implement Yubikey-based 2-Factor Authentication in Symfony

I was recently involved in a Symfony project where the login process had to support 2-factor authentication with Yubikeys for certain users of the application. This post describes the steps that I followed to implement this feature in Symfony.

Before diving into the details and code snippets, I’ll describe the two main requirements of the task:

  • Not every user in the system has a Yubikey, so 2-factor authentication (2FA) is not enforced sitewide.
  • The fact that a user has a Yubikey and is required to authenticate with it is private information, which means a partial authentication has to be performed before asking the user to perform the Yubikey authentication.
  • Basic authentication is already implemented in the application against an LDAP instance, via the IMAG LdapBundle.
