Multi-Factor Authentication — TOTP / FIDO2 / YubiKey

mp22796d20250923111818

Modern MFA for Dolibarr: passkeys (FIDO2/WebAuthn), TOTP, and YubiKey OTP. Encrypted secrets, clone-detection, audit logs, and enforcement by user or role.

99.00 €
Excl. tax

  • Author: Moisson Julien
  • Module version: 2.0
  • Release date: 09/23/2025
  • Access to download and updates: Lifetime access
  • How to contact support: contact@akyras.fr
  • Compatibility: Dolibarr V18+ - PHP 7.0 - 8.2
  • Last update: 04/25/2026 02:32 AM

Protect every login — without slowing your team down.

2fabyakyras is the most complete MFA module for Dolibarr. It supports three industry-standard second factors — TOTP (Google Authenticator, Authy, FreeOTP), FIDO2/WebAuthn passkeys (Windows Hello, Touch ID, hardware keys), and YubiKey OTP — and lets each user pick what works best for them.

Why 2fabyakyras?

  • Three methods, one module. TOTP, FIDO2 passkeys, YubiKey OTP. Users choose; admins control which ones are allowed.
  • Granular enforcement. Require 2FA globally, per role, or per individual user — no trade-off between security and usability.
  • Guided enrollment. Step-by-step onboarding with QR code, per-user recovery codes, and an admin-reset option. Fewer support tickets.
  • "Remember this device." Configurable duration (default 30 days). Encrypted cookie, bound to IP and user agent, stored as a hashed token — nothing exploitable in the database.
  • Audit-ready logs. Every attempt (success or failure) is logged with timestamp, IP, and user agent. Logs are paginated, searchable, and exportable. Suspicious activity triggers an email alert.

Key technical details

  • TOTP secrets encrypted at rest (AES-256-CBC, unique IV per secret).
  • Anti-replay protection: each TOTP code is single-use within its 30-second window.
  • WebAuthn clone detection: sign_count regression triggers an automatic login rejection (W3C WebAuthn spec §7.2).
  • Support for multiple WebAuthn keys per user (hardware key + platform authenticator).
  • Double CSRF layer (Dolibarr native token + dedicated 2FA token), timing-safe comparisons throughout.
  • Session ID rotated immediately after successful authentication.
  • Secure/HttpOnly/SameSite=Strict cookies, no-store cache headers on all sensitive pages.
  • YubiKey OTP validated via YubiCloud over HTTPS (HMAC-SHA1 signed, nonce-verified).
  • 60+ supported locales including RTL languages (Arabic, Hebrew, Persian, Urdu).
  • Compatible with Dolibarr v20 to v23.
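
The single-use rule for TOTP codes listed above can be enforced by remembering the last accepted time-step per user and rejecting any code at or before it. The Python below is an added example, not the module's code; the `ReplayGuard` class, its in-memory store and the ±1 step drift window are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time-step (the 30-second window named on the page)


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226/6238 code for one time-step counter, HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class ReplayGuard:
    """Hypothetical verifier: in-memory store of the last accepted step per user."""

    def __init__(self, window: int = 1):
        self.window = window      # assumed clock-drift tolerance, in steps
        self.last_step = {}       # user -> highest time-step already consumed

    def verify(self, user: str, secret: bytes, code: str, now: float) -> str:
        current = int(now) // STEP
        matched = None
        for step in range(max(0, current - self.window), current + self.window + 1):
            expected = totp(secret, step).encode()
            # Constant-time compare; check every candidate, no early exit.
            if hmac.compare_digest(expected, code.encode()) and matched is None:
                matched = step
        if matched is None:
            return "invalid"
        # A code from a step at or before the last accepted one is a replay,
        # even when it is still inside the drift window.
        if matched <= self.last_step.get(user, -1):
            return "replayed"
        self.last_step[user] = matched
        return "ok"


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    guard = ReplayGuard()
    for t, code in [(59, "287082"), (59, "287082"), (75, "287082"), (75, "359152")]:
        print(t, code, guard.verify("alice", secret, code, t))
```

In a multi-process deployment the last accepted step has to live in shared storage and be updated atomically with the check, otherwise two parallel requests can both accept the same code.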

Roles & separation of duties

Administrators manage methods, policies, and can view full audit logs — but cannot read, disable, or bypass a user's enrolled 2FA. Each user is fully in control of their own second factor.
