Last updated on August 26, 2022
MFA for PHP is a multi-layered approach to authenticate users to a custom PHP application. In the first step, users authenticate like they always do. This most often means entering their login and password. The second step requires users to prove their identity using one of the available secondary authentication methods, e.g., a Mobile Push authentication request sent to their phone. After completing both steps, users gain access to the custom PHP application. MFA for PHP stops malicious actors from breaking into accounts even if they know the password.
For step-by-step instructions on how to enable Rublon Multi-Factor Authentication on your custom PHP app, click the following link:
How to Enable MFA for PHP Custom App
Rublon Protects Custom PHP Apps With MFA
The Rublon PHP SDK adds an extra layer of security by challenging the user for MFA. After entering their password, the user must complete secondary authentication using one of the following authentication methods:
- Mobile Push – a push notification sent to the user’s phone
- Mobile Passcode (TOTP) – a 6-digit passcode generated by the Rublon Authenticator mobile app
- SMS Passcode – a passcode sent to the user’s phone via text message
- QR Code – a QR code the user scans using the Rublon Authenticator mobile app
- Email Link – a verification link sent to the user’s email address
The Rublon PHP SDK can challenge a user for MFA in the following two situations:
- When a user signs in to their account
- When a user starts a security-sensitive transaction such as changing their password
You can also use the Rublon PHP SDK to protect applications written in PHP frameworks such as Laravel.