
Multi-Factor Authentication — TOTP / FIDO2 / YubiKey

mp22796d20250923111818

Modern MFA for Dolibarr: passkeys (FIDO2/WebAuthn), TOTP, and YubiKey OTP. Encrypted secrets, clone-detection, audit logs, and enforcement by user or role. 80+ languages.

99.00 €
Excl. tax

  • Author: Moisson Julien
  • Module version: 2.0
  • Release date: 09/23/2025
  • Access to download and updates: Lifetime access
  • How to contact support: contact@akyras.fr
  • Compatibility: Dolibarr V18+, PHP 7.0 - 8.2
  • Last update: 05/13/2026 09:54 AM


Protect every login — without slowing your team down.

2fabyakyras is the most complete MFA module for Dolibarr. It supports three industry-standard second factors — TOTP (Google Authenticator, Authy, FreeOTP), FIDO2/WebAuthn passkeys (Windows Hello, Touch ID, hardware keys), and YubiKey OTP — and lets each user pick what works best for them.

Why 2fabyakyras?

  • Three methods, one module. TOTP, FIDO2 passkeys, YubiKey OTP. Users choose; admins control which ones are allowed.
  • Granular enforcement. Require 2FA globally, per role, or per individual user — no trade-off between security and usability.
  • Guided enrollment. Step-by-step onboarding with QR code, per-user recovery codes, and an admin-reset option. Fewer support tickets.
  • "Remember this device." Configurable duration (default 30 days). Encrypted cookie, bound to IP and user agent, stored as a hashed token — nothing exploitable in the database.
  • Audit-ready logs. Every attempt (success or failure) is logged with timestamp, IP, and user agent. Logs are paginated, searchable, and exportable. Suspicious activity triggers an email alert.

Key technical details

  • TOTP secrets encrypted at rest (AES-256-CBC, unique IV per secret).
  • Anti-replay protection: each TOTP code is single-use within its 30-second window.
  • WebAuthn clone detection: sign_count regression triggers an automatic login rejection (W3C WebAuthn spec §7.2).
  • Support for multiple WebAuthn keys per user (hardware key + platform authenticator).
  • Double CSRF layer (Dolibarr native token + dedicated 2FA token), timing-safe comparisons throughout.
  • Session ID rotated immediately after successful authentication.
  • Secure/HttpOnly/SameSite=Strict cookies, no-store cache headers on all sensitive pages.
  • YubiKey OTP validated via YubiCloud over HTTPS (HMAC-SHA1 signed, nonce-verified).
  • 60+ supported locales including RTL languages (Arabic, Hebrew, Persian, Urdu).
  • Compatible with Dolibarr v18 to v23.

Roles & separation of duties

Administrators manage methods, policies, and can view full audit logs — but cannot read, disable, or bypass a user's enrolled 2FA. Each user is fully in control of their own second factor.



