TfaWebAuthn by Adam Blunt

For modern two factor authentication with U2F keys and on-device credentials like Fingerprints/Face


Security Key

This module is essentially an update to my existing U2F Module but upgraded to use WebAuthn instead of U2F so it will continue to work in Chrome after Febuary 2022.

Note this is very much a proof of concept. it does work but I cant guarantee its reliability. its also sadly limited to a single non cross platform credential (Windows Hello, Apple TouchID/FaceID) due to the Tfa class which only allows one Tfa method at a time and also locks out the options once setup.

Its easy to setup just install the module then enable Tfa under your user profile. Enroll your key then next time you need to login you will be asked to use your WebAuthn Credential. Add as many as you like (though the will be a limit I have tested 4x succesfully)

Unlike the previous U2F libary this has many advantages. Not only do you get on device credentials like Windows Hello but you also get far better cross platform support includng NFC/Bluetooth support. I have tested it with a YubiKey on an iPhone. registered from USB on my laptop and authenticated via NFC on my phone.

This module is not a direct upgrade from the previous U2F module and will require setting up all your keys again but the was no easy way to transistion from the old U2F data. It is also a stop-gap solution until ProcessWire adds native WebAuthn support in the futue.

The Yubikey Security Key Graphic was sourced from Pixabay



Install and use modules at your own risk. Always have a site and database backup before installing new modules.

Twitter updates

    Error retrieving Twitter status

Latest news

  • ProcessWire Weekly #473
    In the 473rd issue of ProcessWire Weekly we'll check out latest core updates, introduce new third party module called Template Fragment Controller, and more. Read on! / 3 June 2023
  • A look at the new Page Edit Restore module
    The new Page Edit Restore module helps to prevent page edits in the admin from getting lost when the user’s session is lost. This post covers it in detail.
    Blog / 12 May 2023
  • Subscribe to weekly ProcessWire news

“We were really happy to build our new portfolio website on ProcessWire! We wanted something that gave us plenty of control on the back-end, without any bloat on the front end - just a nice, easy to access API for all our content that left us free to design and build however we liked.” —Castus, web design agency in Sheffield, UK